Re: ssh: case insensitive fingerprint validation

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue, 8 Sep 2020, Patrik Lundin wrote:

> Hello!
> 
> I noticed the ssh client now allows you to paste a fingerprint at the
> host key verification question which I thought was pretty cool and a
> welcome feature.
> 
> When testing it out I discovered it did not care about the case of the
> entered hash, and looking at sshconnect.c I see strcasecmp() is
> used which explains why.
> 
> I'm just curious if this was a deliberate decision or if it would make
> sense to actually care about the case since the base64 encoded sha256
> fingerprints contains a mix of upper and lower case characters.

Yes, it should be case sensitive. I have committed a fix that will
be in OpenSSH 8.4.

Thanks,
Damien
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux