Bug 3494

Summary: ssh-keygen -r cannot disable SHA-1 digest
Product: Portable OpenSSH Reporter: Petr Menšík <pemensik>
Component: ssh-keygenAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: enhancement CC: djm, gaspard
Priority: P5    
Version: 9.1p1   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 3533    

Description Petr Menšík 2022-10-31 22:32:39 AEDT 
I would like to have a simple way to omit SHA1 digest from DNS SSHFP records. But I don't want to use SHA1 digest anymore or propagate them to secure DNS zones. Is there way to skip their printing?

If not, could such support be added?
Comment 1 HLFH 2022-12-09 01:53:49 AEDT 
Yes, it would be great to skip their printing.
Comment 2 Damien Miller 2023-03-08 10:33:41 AEDT 
Fixed in commit d651f5c9fe37 and will be in OpenSSH 9.3
Comment 3 Damien Miller 2023-03-17 13:42:28 AEDT 
OpenSSH 9.3 has been released. Close resolved bugs