Am Donnerstag 31 Mai 2018 schrieb Stefan Krusche: > Good day everyone, > > while starting the devuan installer from > devuan_ascii_2.0.0-rc_amd64_netinst.iso and initiating to continue with ssh > remote install (in graphic expert install mode) the installer showed its > fingerprint as SHA256:xxx, which was new to me. It used to be an RSA key > fingerprint. > > Problem: when I try to connect from my other machine which is a devuan > jessie system to the one I'm gonna set up: > ssh installer@192.168.19.3 > ssh still shows an RSA fingerprint from the installer, so I don't know how > to verify it (which was easy with the jessie installer just by looking). > > Not that I don't trust my own computer here but I'd like to know if I need > a more recent version of ssh or if there's a way to get a visual match or > something. Found nothing about SHA256 host keys in man ssh. > > Can anyone clarify about this to me, please? >
So, I just found this: https://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-se#929567 according to which fingerprint of the sshd server defaults to SHA256 from some version on and I'd expect it to be sent as such to the client. My older version can't seem to process option "-o FingerprintHash=sha" as suggested in the posting on superuser.com to get the SHA256 key fingerprint which is shown on the screen of the installer. Now, I don't know if the RSA key fingerprint of the sshd server of the installer, which my ssh client shows, is sent that way from the server (should be so, right?) or my ssh client is to old and with a newer one it would show the SHA256 key fingerprint like on the installer screen. Maybe, the installer has to be configured to send SHA256 key fingerprint and it isn't? Thanks, Stefan _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
