Hello list,

In PR https://github.com/freeipa/freeipa/pull/385 we changed the hashing algorithm for SSH public key fingerprints which are printed for hosts/users in their respective show commands. These fingerprints are not stored anywhere and are calculated during runtime on demand.

We did the mentioned change to move from MD5 use of which breaks IPA in FIPS. Also, SHA256 (along with MD5) fingerprints are now printed by default in Fedora 25 when trying to connect to a new host via ssh.

If you think this could break some use-case, please, share your concern.

Have a nice day,

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to