openssh bugs - Dec 2022 - [Bug 3493] ssh-keyscan -D has no option to disable SHA-1 digest

https://bugzilla.mindrot.org/show_bug.cgi?id=3493

            Bug ID: 3493
           Summary: ssh-keyscan -D has no option to disable SHA-1 digest
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: pemensik at redhat.com

I would like to omit SHA1 digest from any records generated for SSHFP
records. I want only more secure digest. But even in the latest version
is always prints both digest types. The only way out is grepping out
unwanted digest, which is not convenient.

I would like to have more simple way to select only SHA256 digest or
disable SHA1.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3493

HLFH <gaspard at dhautefeuille.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gaspard at dhautefeuille.eu

--- Comment #1 from HLFH <gaspard at dhautefeuille.eu> ---
Yes selecting only the SHA256 digest would be great.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3493

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at dtucker.net
   Attachment #3663|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Created attachment 3663
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3663&action=edit
Support -Ohashalg=sha256 in ssh-keygen and ssh-keyscan

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3493

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3663|ok?(dtucker at dtucker.net)    |ok+
              Flags|                            |

--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3663
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3663
Support -Ohashalg=sha256 in ssh-keygen and ssh-keyscan

Should have a regression test?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3493

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Blocks|                            |3533
             Status|NEW                         |RESOLVED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
This has been committed and will be in OpenSSH 9.3 (regress test too)


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3533
[Bug 3533] tracking bug for openssh-9.3
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3493

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
OpenSSH 9.3 has been released. Close resolved bugs

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.