[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-24 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15024541#comment-15024541
 ] 

ASF GitHub Bot commented on SSHD-586:
-

Github user alonbl closed the pull request at:

https://github.com/apache/mina-sshd/pull/19


> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>Priority: Minor
> Fix For: 1.1.0
>
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-22 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15021205#comment-15021205
 ] 

ASF GitHub Bot commented on SSHD-586:
-

GitHub user alonbl opened a pull request:

https://github.com/apache/mina-sshd/pull/19

[SSHD-586] OpenSSH compliant public key fingerprint



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/alonbl/mina-sshd fingerprint

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/mina-sshd/pull/19.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #19


commit 1d4f04ca8fe6d3e9de7d50cc5325f4d945baf752
Author: Alon Bar-Lev 
Date:   2015-11-22T18:50:18Z

[SSHD-586] OpenSSH compliant public key fingerprint

Signed-off-by: Alon Bar-Lev 




> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>Priority: Minor
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-15 Thread Goldstein Lyor (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005908#comment-15005908
 ] 

Goldstein Lyor commented on SSHD-586:
-

Great - thanks for the contribution.

> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>Priority: Minor
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-15 Thread Goldstein Lyor (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005877#comment-15005877
 ] 

Goldstein Lyor commented on SSHD-586:
-

According to [RFC4716 - Key 
fingerprints|https://tools.ietf.org/html/rfc4716#page-6]:
{quote}
The fingerprint of a public key consists of the output of the MD5 
message-digest algorithm. For example: 
"c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87"
{quote}

* As far as generating a non-MD5 fingerprint, the _KeyUtils_ class provides 
such a method - the one you indicated - which does not add the name of the 
digest.
* As far as formatting - the most I can do is suggest adding a system property 
that controls the default used fingerprint digest as well as its format. If you 
wish to undertake this task, please submit a patch.

> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-15 Thread Goldstein Lyor (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005885#comment-15005885
 ] 

Goldstein Lyor commented on SSHD-586:
-

What I recommend is the following:

* Add a *new* class _OpenSSHKeyUtils_ that has a _getFingerPrint(Digest d, 
PublicKey key, boolean appendDigestName)_ method (as well as default one - 
similar to KeyUtils)
* In this method you can use the available 
_PublicKeyEntry.appendPublicKeyEntry(...)_ method - this will give you the 
BASE64 encoded data as a _String_. I am not sure that the input for the hash is 
the _String_ or its bytes, or the data *before* the BASE64 encoding - up to you 
to figure out which.
* If you need the pure *bytes* rather than the base64 encoding, then look at 
how _PublicKeyEntry.appendPublicKeyEntry(...)_ generates the bytes before 
encoding them.
* Hash and format the result according to the _appendDigestName_ parameter
* Add unit tests that calculate the digest for "known" keys (ones that you 
generated with _ssh-keygen_) and makes sure the result is as expected


> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>Priority: Minor
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-15 Thread Alon Bar-Lev (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005878#comment-15005878
 ] 

Alon Bar-Lev commented on SSHD-586:
---

Hi,
I can submit a patch, but let's first define the interface.
I did not see a method in KeyUtils that returns Base64, is there any?
Do you wish to modify the existing getFingerPrint() methods or add new set, for 
example getSSHFingerPrint()?
I am not following the recommendation of system property, do you mean in the 
client program apache-sshd provide? I am more interested of the ability to 
retrieve fingerprint programmingly.
Thanks!

> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>Priority: Minor
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

2015-11-15 Thread Alon Bar-Lev (JIRA)

[ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005888#comment-15005888
 ] 

Alon Bar-Lev commented on SSHD-586:
---

ACK will work on this this week.

> openssh compliant public key fingerprint
> 
>
> Key: SSHD-586
> URL: https://issues.apache.org/jira/browse/SSHD-586
> Project: MINA SSHD
>  Issue Type: Improvement
>Affects Versions: 1.1.0
>Reporter: Alon Bar-Lev
>Priority: Minor
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)