[Bug 1679607] Re: Hashing known_hosts renders fingerprints unusable

Chris 1679607 at bugs.launchpad.net
Tue Apr 4 21:56:36 UTC 2017 

*** This bug is a duplicate of bug 1668093 ***
    https://bugs.launchpad.net/bugs/1668093

Ah yes, same thing, sorry about that - default (simple) search doesn't
show bugs with Fix Released so I didn't spot it. Will mark as duplicate.

** This bug has been marked a duplicate of bug 1668093
   ssh-keygen -H corrupts already hashed entries

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1679607

Title:
  Hashing known_hosts renders fingerprints unusable

Status in openssh package in Ubuntu:
  New

Bug description:
  Running ssh-keygen -H against known_hosts renders the fingerprints so
  that a match is no longer found. The man page states this is 'safe to
  use on files that mix hashed and non-hashed names'.

  To reproduce on Ubuntu 16.10, with openssh-client 1:7.3p1-1:
  ------------------------------------------------------------------------------
  1. Try to connect first time, prompted for fingerprint so add it
  user at myserver:~$ ssh example.com
  The authenticity of host 'example.com (192.0.2.1)' can't be established.
  ECDSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8..
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added 'example.com,192.0.2.1' (ECDSA) to the list of known hosts.
  user at example.com's password:
  ------------------------------------------------------------------------------
  2. Try to connect again, no prompt for fingerprint (as expected)
  user at myserver:~$ ssh example.com
  user at example.com's password:
  ------------------------------------------------------------------------------
  4. Hash the known hosts file
  user at myserver:~$ ssh-keygen -H
  /home/user/.ssh/known_hosts updated.
  Original contents retained as /home/user/.ssh/known_hosts.old
  WARNING: /home/user/.ssh/known_hosts.old contains unhashed entries
  Delete this file to ensure privacy of hostnames
  ------------------------------------------------------------------------------
  5. Try to connect again, prompted for fingerprint
  user at myserver:~$ ssh example.com
  The authenticity of host 'example.com (192.0.2.1)' can't be established.
  ECDSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8..
  Are you sure you want to continue connecting (yes/no)?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1679607/+subscriptions

More information about the foundations-bugs mailing list