When connecting to a server the first time, the only information you get about the servers public key fingerprint in MD5. Since all I know, MD5 is pretty much broken for security purposes. Guess it would be wise, to additionally (not exclusively) display a more secure fingerprint. Probably SHA256 or SHA512 would be great. By command-line option ssh could also display the full key. (which isn't that long, especially for ed25519) ssh-keygen -l -f key-file.pub Also needs to be able to show a better hash function. -- This is the only way I currently know, to calculate a SHA256 fingerprint from shell. openssl pkcs8 -in /etc/ssh/ssh_host_rsa_key.pub -nocrypt -topk8 -outform DER | openssl sha256 -c
It seems to be already changed in the development tree, see https://anongit.mindrot.org/openssh.git/commit/?id=56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
Just tested the current version from Git. SHA256 is working great! Gives me the SHA256 or MD5 fingerprint: ssh-keygen -lv -E SHA256 -f id_rsa.pub ssh-keygen -lv -E MD5 -f id_rsa.pub But: SSH client also needs an option to show MD5 (like ssh-keygen). Why not also offer SHA512 for really paranoid people?
You can put "FingerprintHash=md5" into your ssh config files (/etc/ssh/ssh_config, ~/.ssh/config) or use '-o FingerprintHash=md5' directly on the command line. $ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:WvwqGxIhzB8L7L3/V9v9cI4IZ+IxTtAGo2FXFRfpPSQ. $ ssh -o FingerprintHash=md5 localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is MD5:da:24:43:0b:2e:c1:3f:a1:84:13:92:01:52:b4:84:ff. ... $ ssh -o FingerprintHash=sha512 localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA512:lbvPnoYkOXD0yOv7C1iLFjrlPz0sg5ImLzT7ffZTte4iJ7MmZtHjBTRm9EimMAYKNGgB5XEHDs8gnCPnJCf5dQ. But there seems to be a bug that you can't overwrite FingerprintHash option on the command line when it's set in a config file.
(In reply to Petr Lautrbach from comment #3) > But there seems to be a bug that you can't overwrite FingerprintHash > option on the command line when it's set in a config file. Can you give me a recipe to reproduce?
~/.ssh/config: host * FingerprintHash=md5 $ ssh -o FingerprintHash=sha512 localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is MD5:da:24:43:0b:2e:c1:3f:a1:84:13:92:01:52:b4:84:ff.
works for me with this patch: --- a/readconf.c +++ b/readconf.c @@ -1464,6 +1464,7 @@ parse_int: goto parse_string; case oFingerprintHash: + intptr = &options->fingerprint_hash; arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", @@ -1471,8 +1472,8 @@ parse_int: if ((value = ssh_digest_alg_by_name(arg)) == -1) fatal("%.200s line %d: Invalid hash algorithm \"%s\".", filename, linenum, arg); - if (*activep) - options->fingerprint_hash = value; + if (*activep && *intptr == -1) + *intptr = value; break; case oDeprecated:
applied - thanks. I don't think there is anything left unfinished in this bug then :)
Request for two small man page documentation changes. The 6.8 release notes state, "The default changes from MD5 to SHA256 and format from hex to base64" for host fingerprint display in ssh, and on the server in ssh-keygen when looking at the server key in order to compare. I discovered that when a 6.8 ssh client connects to a 6.7 or older server, the server side ssh-keygen doesn't have the new "-E" option, and still shows you only the md5-based, hex-formatted, key. The suggested command in the ssh man page doesn't help: $ ssh-keygen -l -f /etc/ssh_host_rsa_key To verify, the option on the client side is to downgrade ssh to use the md5 fingerprint: $ ssh -o FingerprintHash=md5 HOST To verify, the option on the server side is to manually calculate the new style fingerprint: $ cat /etc/ssh/ssh_host_ecdsa_key.pub | cut -d ' ' -f 2 | base64 -d | openssl sha256 -binary | base64 Can the ssh documentation be updated, under the "VERIFYING HOST KEYS" manual section, to state how to downgrade to md5 when connecting to older hosts? Or if not, could the option "FingerprintHash" at least be mentioned there? That special option is mentioned only once later in the long listing of options under the -o stanza. I ask this, because getting verification to work with the new ssh client was very difficult. I thought I lost the capability and ended up coming up with that manual server-side way to calculate the new style finterprint: SERVER public key file: base64(binarykey) SSH command: base64(sha256(binarykey)) SSH-KEYGEN command: hex(md5(binarykey)) # older server It is a huge usability problem to seemingly lose this verification going between 6.8 client and 6.7 and older server. It was not lost, just difficult to discover, so I'm reopening this for two documentation updates to make the user experience a lot easier when they face the same problem I did. Also, can we update the ssh_config documentation to note that not only is the hash being switched, but also the format (base64 vs hex)? Client downgrading from sha256 to md5 using FingerprintHash switches from sha256 to md5 (as documented), but it also switches the formatting from base64 to hex (not documented). Example: SHA256:mIfDbTHZHp8n8HT/R04oKL2lzXwje8A07P6WTjEp20A MD5:bc:b1:82:45:1c:94:ae:cf:bd:b3:8f:63:75:0c:2f:f3
I added a pointer to ssh-keygen -E, but I don't think it's desirable for the manual page to cover ever possible contingency - if you have access to the key to hash, then it's not much more work just to copy it over.
Guess the -E option should be documented in the manual page. Szenario: You run a server, to which people from your company/team should connect to. The other people use different SSH versions (some showing the old MD5, some showing the new SHA256 fingerprint). You want to give the other people the fingerprint for verification when they connect, so you need to know how to generate the MD5 and the SHA256 fingerprint and the -E option will be pretty important for you.
Close all resolved bugs after 7.3p1 release