In the HostKeyReceived event the HostKeyName used to be ssh-rsa but now it is rsa-ssh2-512. It appears this was changed in #1177.
Is this an intentional change? The host key hasn't changed and the fingerprint hasn't changed. ssh -vv shows the host key with the same name as before, ssh-rsa.
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:f8Hzxi2hS8V+rKQxjyHwUmBcOmK/9A4E3YzMY9oLT+Q
Intentional, maybe? HostKeyName is not really documented but currently returns the signature format identifier which is usually the same as the key format identifier: the key format identifier for RSA keys is ssh-rsa and the signature format identifier for a SHA1 signature is also ssh-rsa.
#1177 tells the server that we would prefer to validate the host key with a SHA2 signature AKA the signature format identifiers rsa-sha2-256 and rsa-sha2-512 which is what your server has given us.
As to whether HostKeyName should return the key format identifier or signature format identifier, I don't really know. What do you use it for?
We check that the name, length and fingerprint match what we expect for each connection to set CanTrust, and so with this change the name no longer matches.
Probably not really necessary to compare more than the fingerprint though 🤷
Indeed, the SHA2 fingerprint is enough (HostKeyEventArgs.FingerPrintSHA256). That would be the easiest fix here, until someone willing is convinced HostKeyName should change.
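An added example, not code from this thread or from the SSH.NET project: pinning on the SHA256 fingerprint alone in `HostKeyReceived`, so the result does not depend on whether `HostKeyName` reports `ssh-rsa` or an `rsa-sha2-*` signature identifier. The class name `HostKeyPinning` and the host `sftp.example.test` are hypothetical; the fingerprint is the one from the `ssh -vv` output quoted above, and an SSH.NET version that exposes `HostKeyEventArgs.FingerPrintSHA256` is assumed.

```csharp
using System;
using System.Collections.Generic;
using Renci.SshNet;
using Renci.SshNet.Common;

static class HostKeyPinning
{
    // Pins in the form printed by `ssh -vv` ("SHA256:<unpadded base64>").
    // Host name is a placeholder; fingerprint is the one quoted in the issue.
    static readonly Dictionary<string, string> Pins =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["sftp.example.test"] = "SHA256:f8Hzxi2hS8V+rKQxjyHwUmBcOmK/9A4E3YzMY9oLT+Q",
        };

    // Strip the "SHA256:" prefix and base64 padding so a pin copied from
    // OpenSSH output and the value reported by the library compare equal.
    static string Normalize(string fingerprint)
    {
        const string prefix = "SHA256:";
        if (fingerprint.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            fingerprint = fingerprint.Substring(prefix.Length);
        return fingerprint.TrimEnd('=');
    }

    // Fails closed: a host with no pin is never trusted.
    public static bool IsTrusted(string host, string presentedFingerprint)
    {
        return !string.IsNullOrEmpty(presentedFingerprint)
            && Pins.TryGetValue(host, out var pinned)
            // Base64 is case-sensitive, so compare ordinally.
            && string.Equals(Normalize(pinned), Normalize(presentedFingerprint),
                             StringComparison.Ordinal);
    }

    // Call before client.Connect().
    public static void Attach(BaseClient client)
    {
        var host = client.ConnectionInfo.Host;
        client.HostKeyReceived += (sender, e) =>
        {
            // HostKeyName is deliberately not compared: it reflects the
            // negotiated signature format, not the identity of the key.
            e.CanTrust = IsTrusted(host, e.FingerPrintSHA256);
        };
    }
}
```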