openssh bugs - Jan 2018 - [Bug 2821] New: ssh-keyscan cannot generate SSHFP fingerprints

https://bugzilla.mindrot.org/show_bug.cgi?id=2821

            Bug ID: 2821
           Summary: ssh-keyscan cannot generate SSHFP fingerprints
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: schwarz at rz.uni-kiel.de

It seems kind of odd that ssh-keyscan does not offer an equivalent to
ssh-keygen's -r to easily generate SSHFP fingerprints for more than one
host, without logging into each host. 
All the information needed is already fetched (i.e. the public keys) or
known (i.e. the hostname), but as is, you'd have to generate the
known_hosts output and then parse it again and hash it yourself or
create temporary files for each line, as you can't pipe into
ssh-keygen.

I realize that this mass-generation pretty much only occurs when you
initially commit to deploying SSHFP, but all the code is already there?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2821

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at dtucker.net
             Status|NEW                         |ASSIGNED
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
   Attachment #3127|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3127
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3127&action=edit
Add ssh-keyscan -D flag for output in SSHFP format

Good idea, this is trivial to implement. Here's a patch.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2821

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2782


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2821

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3127|ok?(dtucker at dtucker.net)    |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2821

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
That's applied and will be in OpenSSH 7.7 - thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2821

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.