[Freeipa-devel] Changed SSH public key fingerprint to SHA256
Standa Laznicka
slaznick at redhat.com
Thu Jan 12 12:15:27 UTC 2017
Hello list,
In PR https://github.com/freeipa/freeipa/pull/385 we changed the hashing
algorithm for SSH public key fingerprints which are printed for
hosts/users in their respective show commands. These fingerprints are
not stored anywhere and are calculated during runtime on demand.
We did the mentioned change to move from MD5 use of which breaks IPA in
FIPS. Also, SHA256 (along with MD5) fingerprints are now printed by
default in Fedora 25 when trying to connect to a new host via ssh.
If you think this could break some use-case, please, share your concern.
Have a nice day,
Standa
More information about the Freeipa-devel
mailing list