In PR https://github.com/freeipa/freeipa/pull/385 we changed the hashing
algorithm for SSH public key fingerprints which are printed for
hosts/users in their respective show commands. These fingerprints are
not stored anywhere and are calculated during runtime on demand.
We did the mentioned change to move from MD5 use of which breaks IPA in
FIPS. Also, SHA256 (along with MD5) fingerprints are now printed by
default in Fedora 25 when trying to connect to a new host via ssh.
If you think this could break some use-case, please, share your concern.
Have a nice day,
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code