Re: [PATCH] block/ssh: add support for sha256 host key fingerprints
From: Kevin Wolf
Subject: Re: [PATCH] block/ssh: add support for sha256 host key fingerprints
Date: Wed, 30 Jun 2021 12:52:43 +0200
On 22.06.2021 at 13:51, Daniel P. Berrangé wrote:
> Currently the SSH block driver supports MD5 and SHA1 for host key
> fingerprints. This is a cryptographically sensitive operation and
> so these hash algorithms are inadequate by modern standards. This
> adds support for SHA256 which has been supported in libssh since
> the 0.8.1 release.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Thanks, applied to the block branch.
> Note I can't actually get iotest '207' to fully pass. It always
> complains that it can't validate the "known_hosts" file
>
> qemu-img: Could not open 'TEST_IMG': no host key was found in known_hosts
>
> it seems to rely on some specific developer host setup that my
> laptop doesn't satisfy. It would be useful if any pre-requisite
> could be documented in the iotest.
>
> At least the sha256 verification step I added to 207 does pass
> though.
It passes for me when I make sure to add 127.0.0.1 to known_hosts first.
My ~/.ssh/config also has these lines, probably from a previous run,
which may or may not be necessary:
    Host 127.0.0.1
        HostKeyAlgorithms ssh-rsa
Kevin
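
As an added illustration (not part of the original thread or of the QEMU patch), this Python example shows how MD5, SHA1 and SHA256 fingerprints are all derived from the same host key blob in a known_hosts entry, and how a pinned hex fingerprint can be checked against it. The sample entry is constructed, all function names are hypothetical, and tolerating ':' separators in the pinned value is an assumption.

```python
import base64
import hashlib
import hmac
import struct

def make_sample_known_hosts_line(host="127.0.0.1"):
    """Constructed sample: an ssh-ed25519 entry with a dummy 32-byte key."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def parse_known_hosts_line(line):
    """Return (hosts, key_type, key_blob) for a plain entry.

    Comment lines, @marker lines and hashed-host ("|1|...") entries are
    rejected; handling them is outside this example.
    """
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
        raise ValueError("not a plain host key entry")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type name.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob

def fingerprints(blob):
    """Hash the raw key blob; only the digest algorithm differs."""
    sha256 = hashlib.sha256(blob).digest()
    return {
        "md5": hashlib.md5(blob).hexdigest(),
        "sha1": hashlib.sha1(blob).hexdigest(),
        "sha256": sha256.hex(),
        # OpenSSH prints SHA256 fingerprints as unpadded base64.
        "sha256_openssh": "SHA256:" + base64.b64encode(sha256).decode().rstrip("="),
    }

def matches(blob, algo, expected_hex):
    """Check a pinned hex fingerprint, ignoring ':' separators and case."""
    want = expected_hex.replace(":", "").lower()
    got = hashlib.new(algo, blob).hexdigest()
    return hmac.compare_digest(got, want)
```

The same hex digest can be compared with the base64 form OpenSSH prints by decoding the part after `SHA256:`, which helps when a pinned value and a tool's output appear not to agree.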