[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/721105c53de6fbc0abc7799ec7f48920e02089bd """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-272124272 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts tiran commented: """ @stlaz I'm sorry, go ahead and ignore what I said! :) """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271845641 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts stlaz commented: """ @tiran Yes, exactly, this is only a UI thing. """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271845090 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts tiran commented: """ Your change influenced the value of ```entry_attrs['sshpubkeyfp']``` in ```convert_sshpubkey_post```. Is the value only used in UI or does it affect data in LDAP like DNS SSHFP records? I tracked down some code paths and it looks like the pubkey fingerprint isn't stored in LDAP. The DNS plugin uses different method to calculate SSHFP records. Am I right to assume that this change only affects UI? """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271844780 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts stlaz commented: """ @tiran Which SSHFP records do you mean? """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271841277 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#385][comment] Generate sha256 ssh pubkey fingerprints for hosts
URL: https://github.com/freeipa/freeipa/pull/385 Title: #385: Generate sha256 ssh pubkey fingerprints for hosts tiran commented: """ What's the migration plan for existing SSHFP records? Are there any supported versions of OpenSSH or other SSH client that do not support SSHFP with SHA256? Would it make sense to run a hybrid mode for a while (SHA256 and MD5 records unless FIPS is enabled)? """ See the full comment at https://github.com/freeipa/freeipa/pull/385#issuecomment-271835544 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code