[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15024541#comment-15024541 ] ASF GitHub Bot commented on SSHD-586: - Github user alonbl closed the pull request at: https://github.com/apache/mina-sshd/pull/19 > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev >Priority: Minor > Fix For: 1.1.0 > > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15021205#comment-15021205 ] ASF GitHub Bot commented on SSHD-586: - GitHub user alonbl opened a pull request: https://github.com/apache/mina-sshd/pull/19 [SSHD-586] OpenSSH compliant public key fingerprint You can merge this pull request into a Git repository by running: $ git pull https://github.com/alonbl/mina-sshd fingerprint Alternatively you can review and apply these changes as the patch at: https://github.com/apache/mina-sshd/pull/19.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #19 commit 1d4f04ca8fe6d3e9de7d50cc5325f4d945baf752 Author: Alon Bar-LevDate: 2015-11-22T18:50:18Z [SSHD-586] OpenSSH compliant public key fingerprint Signed-off-by: Alon Bar-Lev > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev >Priority: Minor > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005908#comment-15005908 ] Goldstein Lyor commented on SSHD-586: - Great - thanks for the contribution. > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev >Priority: Minor > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005877#comment-15005877 ] Goldstein Lyor commented on SSHD-586: - According to [RFC4716 - Key fingerprints|https://tools.ietf.org/html/rfc4716#page-6]: {quote} The fingerprint of a public key consists of the output of the MD5 message-digest algorithm. For example: "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87" {quote} * As far as generating a non-MD5 fingerprint, the _KeyUtils_ class provides such a method - the one you indicated - which does not add the name of the digest. * As far as formatting - the most I can do is suggest adding a system property that controls the default used fingerprint digest as well as its format. If you wish to undertake this task, please submit a patch. > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005885#comment-15005885 ] Goldstein Lyor commented on SSHD-586: - What I recommend is the following: * Add a *new* class _OpenSSHKeyUtils_ that has a _getFingerPrint(Digest d, PublicKey key, boolean appendDigestName)_ method (as well as default one - similar to KeyUtils) * In this method you can use the available _PublicKeyEntry.appendPublicKeyEntry(...)_ method - this will give you the BASE64 encoded data as a _String_. I am not sure that the input for the hash is the _String_ or its bytes, or the data *before* the BASE64 encoding - up to you to figure out which. * If you need the pure *bytes* rather than the base64 encoding, then look at how _PublicKeyEntry.appendPublicKeyEntry(...)_ generates the bytes before encoding them. * Hash and format the result according to the _appendDigestName_ parameter * Add unit tests that calculate the digest for "known" keys (ones that you generated with _ssh-keygen_) and makes sure the result is as expected > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev >Priority: Minor > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005878#comment-15005878 ] Alon Bar-Lev commented on SSHD-586: --- Hi, I can submit a patch, but let's first define the interface. I did not see a method in KeyUtils that returns Base64, is there any? Do you wish to modify the existing getFingerPrint() methods or add new set, for example getSSHFingerPrint()? I am not following the recommendation of system property, do you mean in the client program apache-sshd provide? I am more interested of the ability to retrieve fingerprint programmingly. Thanks! > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev >Priority: Minor > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint
[ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15005888#comment-15005888 ] Alon Bar-Lev commented on SSHD-586: --- ACK will work on this this week. > openssh compliant public key fingerprint > > > Key: SSHD-586 > URL: https://issues.apache.org/jira/browse/SSHD-586 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 1.1.0 >Reporter: Alon Bar-Lev >Priority: Minor > > Hello, > The apache-sshd always assumes fingerprint as hex string ':' separated. > While openssh public key fingerprint differs, here are some examples: > $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub > 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost > (RSA) > $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub > 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA) > $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub > 2048 > SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw > alonbl@localhost (RSA) > $ ssh root@10.35.0.71 > The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established. > ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA. > Are you sure you want to continue connecting (yes/no)? > Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f > is considered md5. > New format with digest: prefix for md5 keeps the hex string. > Any other digest will have base64 encoded digest value. > It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will > comply with the above, so fingerprint can be presented to user and user will > be able to compare it visually to expected value. -- This message was sent by Atlassian JIRA (v6.3.4#6332)