Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#2075 closed enhancement (fixed)

Add support for SHA-256 fingerprints on file servers

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: major Milestone: BASE 3.11
Component: core Version:
Keywords: Cc:

Description (last modified by Nicklas Nordborg)

The current implementation only supports MD5 but newer versions of OpenSSH defaults to SHA-256.

Since BASE itself is not using the fingerprint for anything, we only need to update the checks in the FileServer.setFingerprint() method to allow SHA-256 fingerprints as well.

SHA-256 is typically Base64-encoded which creates string with 44 characters. Fortunately we already allow the fingerprint to be 47 characters since that is what we get from the MD5 fingerprint (including the colons).

Extensions and plug-ins that actually use file servers for connections via SSH need to be updated with support for SHA-256. See:

Change History (5)

comment:1 by Nicklas Nordborg, 7 years ago

Description: modified (diff)
Owner: changed from everyone to Nicklas Nordborg
Status: newassigned

comment:2 by Nicklas Nordborg, 7 years ago

(In [7332]) References #2075: Add support for SHA-256 fingerprints on file servers

Added support in the data and core layer. The updates adds an additional data column: ssh_fingerprint_type which is the auto-detected type of fingerprint. The core API has support for MD5 (as before) and SHA-256 fingerprints. The MD5 fingerprints should be hex-encoded and the SHA-256 Base64 encoded.

Existing file server entries that has a fingerprint value automatically get the MD5 type.

comment:3 by Nicklas Nordborg, 7 years ago

(In [7333]) References #2075: Add support for SHA-256 fingerprints on file servers

The web client now supports this as well. Added 'fingerprintType' column to the list page and to the view page. The edit dialog now supports the Base64 format as well.

comment:4 by Nicklas Nordborg, 7 years ago

Resolution: fixed
Status: assignedclosed

comment:5 by Nicklas Nordborg, 7 years ago

(In [7343]) References #2075: Add support for SHA-256 fingerprints on file servers

Updated documentation with information about this.

Note: See TracTickets for help on using tickets.