Posh-SSH icon indicating copy to clipboard operation
Posh-SSH copied to clipboard

Published 20 hours ago verified publisher icon darkoperator

Add Support SHA256 fingerprints for host key validation

Open MVKozlov opened this issue 1 year ago • 6 comments

I think we need it because it's default for original ssh

https://github.com/sshnet/SSH.NET/pull/1098

MVKozlov avatar Feb 12 '24 06:02 MVKozlov

Makes sense

darkoperator avatar Feb 13 '24 01:02 darkoperator

I plan to do this in the near future, I think it’s worth making it by default, leaving the old format only for compatibility

MVKozlov avatar Feb 13 '24 07:02 MVKozlov

Is it necessary to force the host to be updated to the new format in hosts.json ?

MVKozlov avatar Feb 13 '24 08:02 MVKozlov

@darkoperator, What do you think about whether it is necessary to update the keys to the new format? I prepared commits for PR

MVKozlov avatar Feb 19 '24 14:02 MVKozlov

You mean the current key fingerprints that are stored ? If it is those it would simplify the code by removing the backward complexity, but adds the risk of a bug causing issues. I think it would be a risk we can mitigate by testing before pushing and it should not be a problem.

darkoperator avatar Feb 19 '24 20:02 darkoperator

yes, at the moment I’m just testing first for a match with sha256, then md5. and then the result can be saved (now commented out).

For new hosts, a new format sha256 is always written.

It seems to me that this could be done after upgrade the version to 4.0 (you also have serious changes there with authorization)

MVKozlov avatar Feb 20 '24 10:02 MVKozlov