On Fri, Feb 7, 2020 at 10:21 AM Richard Lancaster < [email protected]> wrote:
> PuTTY supports SSH host verification via host key fingerprints (see > '-hostkey' > https://the.earth.li/~sgtatham/putty/0.73/htmldoc/Chapter3.html#using-cmdline > ). > > Is Guacamole able to do the same? > > I know it's able to take openssh known_host entries via the option > 'host-key', but those don't appear to support fingerprints. > > No, it requires a known-hosts format entry. After reading up on the fingerprints, it looks like those are only MD5 or SHA1, both of which are subject to hash collisions, so I'm not sure it's desirable to rely on those for identifying a SSH host. Is there some requirement you have for using fingerprints over known-hosts entries? -Nick
