ssh-keygen -Ql: avoid repeated SHA256: in output

Lucas lucas at sexy.is
Tue Apr 26 07:17:20 AEST 2022


Lucas <lucas at sexy.is> wrote:
> Hello list,
> 
> If a key is revoked by public key, when printing it, ssh-keygen adds a
> hardcoded "SHA256:" prefix and then prints the result of
> sshkey_fingerprint, which does already include that "SHA256:" prefix.
> Patch below, with extra context lines.

Bump again. Is this the correct list or should I send it to tech@
instead?


diff c70493106c794797cfb174ed7460065b1a4a89f7 /usr/src
blob - 1975ae6005abdad42436f049c7ed5511c66ea151
file + usr.bin/ssh/krl.c
--- usr.bin/ssh/krl.c
+++ usr.bin/ssh/krl.c
@@ -1382,15 +1382,15 @@ krl_dump(struct ssh_krl *krl, FILE *f)
 		}
 		if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
 		    SSH_FP_DEFAULT)) == NULL) {
 			ret = SSH_ERR_INVALID_FORMAT;
 			error("sshkey_fingerprint failed");
 			continue;
 		}
-		fprintf(f, "hash: SHA256:%s # %s\n", fp, sshkey_ssh_name(key));
+		fprintf(f, "hash: %s # %s\n", fp, sshkey_ssh_name(key));
 		free(fp);
 		free(key);
 	}
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) {
 		fp = tohex(rb->blob, rb->len);
 		fprintf(f, "hash: SHA256:%s\n", fp);
 		free(fp);


More information about the openssh-unix-dev mailing list