ssh: case insensitive fingerprint validation
Damien Miller
djm at mindrot.org
Thu Sep 10 07:58:16 AEST 2020
On Tue, 8 Sep 2020, Patrik Lundin wrote:
> Hello!
>
> I noticed the ssh client now allows you to paste a fingerprint at the
> host key verification question which I thought was pretty cool and a
> welcome feature.
>
> When testing it out I discovered it did not care about the case of the
> entered hash, and looking at sshconnect.c I see strcasecmp() is
> used which explains why.
>
> I'm just curious if this was a deliberate decision or if it would make
> sense to actually care about the case since the base64 encoded sha256
> fingerprints contains a mix of upper and lower case characters.
Yes, it should be case sensitive. I have committed a fix that will
be in OpenSSH 8.4.
Thanks,
Damien
More information about the openssh-unix-dev
mailing list