Re: [PATCH] block/ssh: add support for sha256 host key fingerprints

From: Kevin Wolf
Subject: Re: [PATCH] block/ssh: add support for sha256 host key fingerprints
Date: Wed, 30 Jun 2021 12:52:43 +0200

On 22.06.2021 at 13:51, Daniel P. Berrangé wrote:
> Currently the SSH block driver supports MD5 and SHA1 for host key
> fingerprints. This is a cryptographically sensitive operation and
> so these hash algorithms are inadequate by modern standards. This
> adds support for SHA256 which has been supported in libssh since
> the 0.8.1 release.
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Thanks, applied to the block branch.

> Note I can't actually get iotest '207' to fully pass. It always
> complains that it can't validate the "known_hosts" file
>   qemu-img: Could not open 'TEST_IMG': no host key was found in known_hosts
> it seems to rely on some specific developer host setup that my
> laptop doesn't satisfy. It would be useful if any pre-requisite
> could be documented in the iotest.
> At least the sha256 verification step I added to 207 does pass
> though.

It passes for me when I make sure to add to known_hosts first.
My ~/.ssh/config also has these lines, probably from a previous run,
which may or may not be necessary:

    HostKeyAlgorithms ssh-rsa

