bugzilla-daemon at mindrot.org
2015-Jan-07 18:16 UTC
[Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Bug ID: 2332 Summary: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: kolAflash at kolahilft.de When connecting to a server the first time, the only information you get about the servers public key fingerprint in MD5. Since all I know, MD5 is pretty much broken for security purposes. Guess it would be wise, to additionally (not exclusively) display a more secure fingerprint. Probably SHA256 or SHA512 would be great. By command-line option ssh could also display the full key. (which isn't that long, especially for ed25519) ssh-keygen -l -f key-file.pub Also needs to be able to show a better hash function. -- This is the only way I currently know, to calculate a SHA256 fingerprint from shell. openssl pkcs8 -in /etc/ssh/ssh_host_rsa_key.pub -nocrypt -topk8 -outform DER | openssl sha256 -c -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 08:44 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Petr Lautrbach <plautrba at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |plautrba at redhat.com --- Comment #1 from Petr Lautrbach <plautrba at redhat.com> --- It seems to be already changed in the development tree, see https://anongit.mindrot.org/openssh.git/commit/?id=56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 10:18 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 --- Comment #2 from kolAflash at kolahilft.de --- Just tested the current version from Git. SHA256 is working great! Gives me the SHA256 or MD5 fingerprint: ssh-keygen -lv -E SHA256 -f id_rsa.pub ssh-keygen -lv -E MD5 -f id_rsa.pub But: SSH client also needs an option to show MD5 (like ssh-keygen). Why not also offer SHA512 for really paranoid people? -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 10:31 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 --- Comment #3 from Petr Lautrbach <plautrba at redhat.com> --- You can put "FingerprintHash=md5" into your ssh config files (/etc/ssh/ssh_config, ~/.ssh/config) or use '-o FingerprintHash=md5' directly on the command line. $ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:WvwqGxIhzB8L7L3/V9v9cI4IZ+IxTtAGo2FXFRfpPSQ. $ ssh -o FingerprintHash=md5 localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is MD5:da:24:43:0b:2e:c1:3f:a1:84:13:92:01:52:b4:84:ff. ... $ ssh -o FingerprintHash=sha512 localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA512:lbvPnoYkOXD0yOv7C1iLFjrlPz0sg5ImLzT7ffZTte4iJ7MmZtHjBTRm9EimMAYKNGgB5XEHDs8gnCPnJCf5dQ. But there seems to be a bug that you can't overwrite FingerprintHash option on the command line when it's set in a config file. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 13:10 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #4 from Damien Miller <djm at mindrot.org> --- (In reply to Petr Lautrbach from comment #3)> But there seems to be a bug that you can't overwrite FingerprintHash > option on the command line when it's set in a config file.Can you give me a recipe to reproduce? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 13:15 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 --- Comment #5 from Petr Lautrbach <plautrba at redhat.com> --- ~/.ssh/config: host * FingerprintHash=md5 $ ssh -o FingerprintHash=sha512 localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is MD5:da:24:43:0b:2e:c1:3f:a1:84:13:92:01:52:b4:84:ff. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 13:26 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 --- Comment #6 from Petr Lautrbach <plautrba at redhat.com> --- works for me with this patch: --- a/readconf.c +++ b/readconf.c @@ -1464,6 +1464,7 @@ parse_int: goto parse_string; case oFingerprintHash: + intptr = &options->fingerprint_hash; arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing argument.", @@ -1471,8 +1472,8 @@ parse_int: if ((value = ssh_digest_alg_by_name(arg)) == -1) fatal("%.200s line %d: Invalid hash algorithm \"%s\".", filename, linenum, arg); - if (*activep) - options->fingerprint_hash = value; + if (*activep && *intptr == -1) + *intptr = value; break; case oDeprecated: -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Jan-08 13:45 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #7 from Damien Miller <djm at mindrot.org> --- applied - thanks. I don't think there is anything left unfinished in this bug then :) -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-May-02 23:13 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Max Polk <maxpolk at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |--- Status|RESOLVED |REOPENED CC| |maxpolk at gmail.com --- Comment #8 from Max Polk <maxpolk at gmail.com> --- Request for two small man page documentation changes. The 6.8 release notes state, "The default changes from MD5 to SHA256 and format from hex to base64" for host fingerprint display in ssh, and on the server in ssh-keygen when looking at the server key in order to compare. I discovered that when a 6.8 ssh client connects to a 6.7 or older server, the server side ssh-keygen doesn't have the new "-E" option, and still shows you only the md5-based, hex-formatted, key. The suggested command in the ssh man page doesn't help: $ ssh-keygen -l -f /etc/ssh_host_rsa_key To verify, the option on the client side is to downgrade ssh to use the md5 fingerprint: $ ssh -o FingerprintHash=md5 HOST To verify, the option on the server side is to manually calculate the new style fingerprint: $ cat /etc/ssh/ssh_host_ecdsa_key.pub | cut -d ' ' -f 2 | base64 -d | openssl sha256 -binary | base64 Can the ssh documentation be updated, under the "VERIFYING HOST KEYS" manual section, to state how to downgrade to md5 when connecting to older hosts? Or if not, could the option "FingerprintHash" at least be mentioned there? That special option is mentioned only once later in the long listing of options under the -o stanza. I ask this, because getting verification to work with the new ssh client was very difficult. I thought I lost the capability and ended up coming up with that manual server-side way to calculate the new style finterprint: SERVER public key file: base64(binarykey) SSH command: base64(sha256(binarykey)) SSH-KEYGEN command: hex(md5(binarykey)) # older server It is a huge usability problem to seemingly lose this verification going between 6.8 client and 6.7 and older server. It was not lost, just difficult to discover, so I'm reopening this for two documentation updates to make the user experience a lot easier when they face the same problem I did. Also, can we update the ssh_config documentation to note that not only is the hash being switched, but also the format (base64 vs hex)? Client downgrading from sha256 to md5 using FingerprintHash switches from sha256 to md5 (as documented), but it also switches the formatting from base64 to hex (not documented). Example: SHA256:mIfDbTHZHp8n8HT/R04oKL2lzXwje8A07P6WTjEp20A MD5:bc:b1:82:45:1c:94:ae:cf:bd:b3:8f:63:75:0c:2f:f3 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-May-22 05:30 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED --- Comment #9 from Damien Miller <djm at mindrot.org> --- I added a pointer to ssh-keygen -E, but I don't think it's desirable for the manual page to cover ever possible contingency - if you have access to the key to hash, then it's not much more work just to copy it over. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-May-22 11:38 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 --- Comment #10 from kolAflash at kolahilft.de --- Guess the -E option should be documented in the manual page. Szenario: You run a server, to which people from your company/team should connect to. The other people use different SSH versions (some showing the old MD5, some showing the new SHA256 fingerprint). You want to give the other people the fingerprint for verification when they connect, so you need to know how to generate the MD5 and the SHA256 fingerprint and the -E option will be pretty important for you. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:42 UTC
[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #11 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 2333] New: forbid old Ciphers, KexAlgorithms and MACs by default
- [Bug 2165] New: ssh option to prompt for fingerprint input
- [Bug 983] Required authentication
- [Bug 2166] New: sshd logs unnecessary messages if some of default host keys doesn't exist
- [Bug 2011] sandbox selection needs some kind of fallback mechanism