https://bugzilla.mindrot.org/show_bug.cgi?id=2493

Jakub Jelen <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Jakub Jelen <[email protected]> ---
I really like this idea. I was thinking about this step many times, but
this solution seems really elegant, if there is no CA or SSHFP.

The best thing is always to get the whole public key you can store by
hand in your known_hosts. But having only a fingerprint makes it more
difficult and this feature would basically solve it.

This would allow us to leave both methods available (yes/no checking or
pasted fingerprint). It would also be helpful for the new fingerprint
methods using SHA256 and base64, which are even harder to read and
compare.

> The authenticity of host 'somehost (10.0.0.1)' can't be established. ECDSA 
> key fingerprint is SHA256:9hT+deeJW3NzlzBXvJ3eK/lr7QYmxaZweHqzPG2WASU.
> Are you sure you want to continue connecting (yes/no)? 
> Or you can verify the fingerprint by writing it here: |

It would also solve the issue with different hashes which can be
a problem at the moment, when connecting with a new client (6.8+) to an old
machine (as described in bug #2439).

The texts would probably need a bit of tweaking, but yes, the concept
sounds great.

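The comparison the comment asks for can be sketched as follows. This is an added example, not part of the bug report and not OpenSSH code: it checks a pasted fingerprint against a host public key in both the SHA256/base64 and the older MD5/hex display formats. The function names are hypothetical and the sample key is constructed from fixed bytes.

```python
import base64
import hashlib
import hmac

def sample_line():
    # Constructed ed25519-shaped key (fixed bytes 0..31); not a real host key.
    ktype = b"ssh-ed25519"
    blob = (len(ktype).to_bytes(4, "big") + ktype
            + (32).to_bytes(4, "big") + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

def key_blob(pubkey_line):
    """Decode a 'type base64 [comment]' line and check the embedded type."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected 'keytype base64 [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    return blob

def fingerprints(blob):
    """Both display formats: SHA256/base64 (6.8+ clients) and MD5/hex."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    pairs = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"SHA256": "SHA256:" + sha, "MD5": "MD5:" + pairs}

def matches_pasted(blob, pasted):
    """True only if the pasted text equals the key's fingerprint."""
    text = pasted.strip()
    fps = fingerprints(blob)
    if text.upper().startswith("SHA256:"):
        expected = fps["SHA256"]
        got = "SHA256:" + text[7:].rstrip("=")   # tolerate base64 padding
    else:
        if text.upper().startswith("MD5:"):
            text = text[4:]
        expected = fps["MD5"]
        got = "MD5:" + text.lower()              # old clients print bare hex
    return hmac.compare_digest(expected.encode(), got.encode())

if __name__ == "__main__":
    blob = key_blob(sample_line())
    for fp in fingerprints(blob).values():
        print(fp, matches_pasted(blob, fp))
```

Accepting either format is what lets a fingerprint published by an old machine in MD5/hex be checked by a client that displays SHA256 by default.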