https://bugzilla.mindrot.org/show_bug.cgi?id=2332
Bug ID: 2332
Summary: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: kolafl...@kolahilft.de

When connecting to a server for the first time, the only information you get about the server's public key is the fingerprint in MD5. As far as I know, MD5 is pretty much broken for security purposes. I guess it would be wise to additionally (not exclusively) display a more secure fingerprint. Probably SHA256 or SHA512 would be great.

Via a command-line option, ssh could also display the full key (which isn't that long, especially for ed25519).

    ssh-keygen -l -f key-file.pub

also needs to be able to show a better hash function.

--

This is the only way I currently know to calculate a SHA256 fingerprint from the shell:

    openssl pkcs8 -in /etc/ssh/ssh_host_rsa_key.pub -nocrypt -topk8 -outform DER | openssl sha256 -c
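As an added example (not part of the bug report and not OpenSSH's code): the fingerprint that ssh and ssh-keygen display is a hash of the base64-decoded key blob in the public key line, so the MD5 form and a SHA256 or SHA512 form can be computed side by side from the same `.pub` content. The key line is constructed, and the function names and the type-match sanity check are this example's own assumptions.

```python
import base64
import hashlib
import struct


def read_string(buf, offset):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[offset + 4:end], end


def key_blob(pub_line):
    """Decode the base64 field of a '<type> <base64> [comment]' public key line."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 raises ValueError
    # Sanity check added here: the blob's embedded type must match the text label.
    inner_type, _ = read_string(blob, 0)
    if inner_type != fields[0].encode():
        raise ValueError("declared key type does not match key blob")
    return blob


def fingerprint(pub_line, algo="sha256"):
    """Hash the raw key blob; the comment field is not part of the hash input."""
    blob = key_blob(pub_line)
    if algo == "md5":
        # Legacy display: colon-separated hex pairs.
        return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    digest = hashlib.new(algo, blob).digest()
    # Display used by later OpenSSH releases: label plus unpadded base64.
    return algo.upper() + ":" + base64.b64encode(digest).decode().rstrip("=")


def sample_key_line(comment="constructed@example"):
    """Constructed ed25519-shaped line (32 counting bytes), not a real host key."""
    parts = (b"ssh-ed25519", bytes(range(32)))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    for name in ("md5", "sha256", "sha512"):
        print(fingerprint(sample_key_line(), name))
```

To check a real host key, pass the single line read from its `.pub` file to `fingerprint()` and compare the result with a value obtained over a trusted channel.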