bugzilla-daemon at mindrot.org
2022-Oct-31 11:32 UTC
[Bug 3494] New: ssh-keygen -r cannot disable SHA-1 digest
https://bugzilla.mindrot.org/show_bug.cgi?id=3494
Bug ID: 3494
Summary: ssh-keygen -r cannot disable SHA-1 digest
Product: Portable OpenSSH
Version: 9.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: pemensik at redhat.com
I would like to have a simple way to omit SHA1 digest from DNS SSHFP
records. But I don't want to use SHA1 digest anymore or propagate them
to secure DNS zones. Is there way to skip their printing?
If not, could such support be added?
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Dec-08 14:52 UTC
[Bug 3494] ssh-keygen -r cannot disable SHA-1 digest
https://bugzilla.mindrot.org/show_bug.cgi?id=3494
HLFH <gaspard at dhautefeuille.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gaspard at dhautefeuille.eu
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Dec-08 14:53 UTC
[Bug 3494] ssh-keygen -r cannot disable SHA-1 digest
https://bugzilla.mindrot.org/show_bug.cgi?id=3494 --- Comment #1 from HLFH <gaspard at dhautefeuille.eu> --- Yes, it would be great to skip their printing. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-07 23:33 UTC
[Bug 3494] ssh-keygen -r cannot disable SHA-1 digest
https://bugzilla.mindrot.org/show_bug.cgi?id=3494
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |djm at mindrot.org
Blocks| |3533
Resolution|--- |FIXED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Fixed in commit d651f5c9fe37 and will be in OpenSSH 9.3
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3533
[Bug 3533] tracking bug for openssh-9.3
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-17 02:42 UTC
[Bug 3494] ssh-keygen -r cannot disable SHA-1 digest
https://bugzilla.mindrot.org/show_bug.cgi?id=3494
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
OpenSSH 9.3 has been released. Close resolved bugs
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 3753] New: ssh-keygen and ssh-keyscan prints SHA1 SSHFP digest by default
- [Bug 1972] ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code
- Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
- ssh-keygen -r should support SSHFP records for ECDSA (or at least return non-zero error code on failure)
- [Bug 3533] New: tracking bug for openssh-9.3