bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-07 08:25 UTC
[Bug 1978] New: ECDSA & SHA256 support in SSHFS DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Bug #: 1978
Summary: ECDSA & SHA256 support in SSHFS DNS records
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
URL: https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-
sha2-07
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: martian67 at gmail.com
As per the RFC draft, support for ECDSA and SHA256 in sshfp records.
This is pretty necessary, because ssh now defaults to ECDSA keys, and
setting VerifyHostKeyDNS results in errors, as SSHFP only supports RSA
keys.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-07 08:28 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFS DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
martian67 <martian67 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |low-hanging-fruit
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 00:03 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFS DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Blocks| |1986
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Apr-11 02:35 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
martian67 <bugzilla-m67 at nulld.me> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ECDSA & SHA256 support in |ECDSA & SHA256 support
in
|SSHFS DNS records |SSHFP DNS records
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Apr-11 02:37 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978 --- Comment #1 from martian67 <bugzilla-m67 at nulld.me> 2012-04-11 12:37:53 EST --- Created attachment 2144 --> https://bugzilla.mindrot.org/attachment.cgi?id=2144 Patch to add support to ssh-keygen -r and ssh for ECDSA/SHA-256 SSHPF records -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Apr-11 02:38 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978 --- Comment #2 from martian67 <bugzilla-m67 at nulld.me> 2012-04-11 12:38:53 EST --- oops, meant to say patch applies cleanly to 5.8 and 5.9, patch obtained from https://git.nic.cz/redmine/projects/ietf/repository/revisions/master/entry/ssh-sshfp-ecdsa.patch -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Apr-27 01:00 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-May-23 03:29 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #3 from Damien Miller <djm at mindrot.org> 2012-05-23 13:29:03
EST ---
patch applied - this will be in openssh-6.1. Thanks!
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-01 16:07 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978 --- Comment #4 from Julien D?CHARNE <julien.decharne at gmail.com> 2012-06-02 02:07:25 EST --- Created attachment 2161 --> https://bugzilla.mindrot.org/attachment.cgi?id=2161 patch to add ECDSA key records to host keys records printed by ssh-keygen -r <hostname> when called without filename (option -f), ssh-keygen -r <hostname> print SSHFP records for 'host' key files (e.g. in /etc/ssh/ on most system). This patch add ECDSA public key file to these host key files. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-01 16:08 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Julien D?CHARNE <julien.decharne at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |julien.decharne at gmail.com
Status|RESOLVED |REOPENED
Resolution|FIXED |
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-01 16:13 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978 --- Comment #5 from Julien D?CHARNE <julien.decharne at gmail.com> 2012-06-02 02:13:58 EST --- just forget to say that previous patch in this bug report (attachment 2144) need obviously to be applied before ... -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-04 07:11 UTC
[Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
https://bugzilla.mindrot.org/show_bug.cgi?id=1978
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |FIXED
--- Comment #6 from Damien Miller <djm at mindrot.org> 2012-06-04 17:11:18
EST ---
yes, the patch as committed included this fix
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 2039] New: Give proper credits for ECDSA patch
- Support for ECDSA and SHA-2 (SHA-256) in the SSHFP record
- [Bug 1978] ECDSA & SHA256 support in SSHFP DNS records
- ssh-keygen -r should support SSHFP records for ECDSA (or at least return non-zero error code on failure)
- [Bug 1972] ssh-keygen fails to generate SSHFP for ECDSA but exits with 0 code