#2075 closed enhancement (fixed)
Add support for SHA-256 fingerprints on file servers
| Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | major | Milestone: | BASE 3.11 |
| Component: | core | Version: | |
| Keywords: | Cc: |
Description (last modified by )
The current implementation only supports MD5 but newer versions of OpenSSH defaults to SHA-256.
Since BASE itself is not using the fingerprint for anything, we only need to update the checks in the FileServer.setFingerprint() method to allow SHA-256 fingerprints as well.
SHA-256 is typically Base64-encoded which creates string with 44 characters. Fortunately we already allow the fingerprint to be 47 characters since that is what we get from the MD5 fingerprint (including the colons).
Extensions and plug-ins that actually use file servers for connections via SSH need to be updated with support for SHA-256. See:
Change History (5)
comment:1 by , 8 years ago
| Description: | modified (diff) |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:2 by , 8 years ago
comment:3 by , 8 years ago
comment:4 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:5 by , 8 years ago
Note:
See TracTickets
for help on using tickets.
(In [7332]) References #2075: Add support for SHA-256 fingerprints on file servers
Added support in the data and core layer. The updates adds an additional data column: ssh_fingerprint_type which is the auto-detected type of fingerprint. The core API has support for MD5 (as before) and SHA-256 fingerprints. The MD5 fingerprints should be hex-encoded and the SHA-256 Base64 encoded.
Existing file server entries that has a fingerprint value automatically get the MD5 type.