Opened 5 months ago

Closed 4 months ago

Last modified 4 months ago

#2075 closed enhancement (fixed)

Add support for SHA-256 fingerprints on file servers

Reported by: nicklas Owned by: nicklas
Priority: major Milestone: BASE 3.11
Component: core Version:
Keywords: Cc:

Description (last modified by nicklas)

The current implementation only supports MD5 but newer versions of OpenSSH defaults to SHA-256.

Since BASE itself is not using the fingerprint for anything, we only need to update the checks in the FileServer.setFingerprint() method to allow SHA-256 fingerprints as well.

SHA-256 is typically Base64-encoded which creates string with 44 characters. Fortunately we already allow the fingerprint to be 47 characters since that is what we get from the MD5 fingerprint (including the colons).

Extensions and plug-ins that actually use file servers for connections via SSH need to be updated with support for SHA-256. See:

Change History (5)

comment:1 Changed 5 months ago by nicklas

  • Description modified (diff)
  • Owner changed from everyone to nicklas
  • Status changed from new to assigned

comment:2 Changed 5 months ago by nicklas

(In [7332]) References #2075: Add support for SHA-256 fingerprints on file servers

Added support in the data and core layer. The updates adds an additional data column: ssh_fingerprint_type which is the auto-detected type of fingerprint. The core API has support for MD5 (as before) and SHA-256 fingerprints. The MD5 fingerprints should be hex-encoded and the SHA-256 Base64 encoded.

Existing file server entries that has a fingerprint value automatically get the MD5 type.

comment:3 Changed 4 months ago by nicklas

(In [7333]) References #2075: Add support for SHA-256 fingerprints on file servers

The web client now supports this as well. Added 'fingerprintType' column to the list page and to the view page. The edit dialog now supports the Base64 format as well.

comment:4 Changed 4 months ago by nicklas

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:5 Changed 4 months ago by nicklas

(In [7343]) References #2075: Add support for SHA-256 fingerprints on file servers

Updated documentation with information about this.

Note: See TracTickets for help on using tickets.