ssh: case insensitive fingerprint validation

Patrik Lundin patrik at sigterm.se
Wed Sep 9 07:16:55 AEST 2020


Hello!

I noticed the ssh client now allows you to paste a fingerprint at the
host key verification question which I thought was pretty cool and a
welcome feature.

When testing it out I discovered it did not care about the case of the
entered hash, and looking at sshconnect.c I see strcasecmp() is
used which explains why.

I'm just curious if this was a deliberate decision or if it would make
sense to actually care about the case since the base64 encoded sha256
fingerprints contains a mix of upper and lower case characters.

Regards,
Patrik Lundin


More information about the openssh-unix-dev mailing list