Show MD5 Hash of Fingerprint in Verbose Output


When verifying host keys, PuTTY, plink and psftp use an md5 hash rather than a sha256 hash.

plink 0.74 - Example Output:

C:\sandbox>plink.exe -v scanme.nmap.org
Looking up host "scanme.nmap.org" for SSH connection
Connecting to 45.33.32.156 port 22
We claim version: SSH-2.0-PuTTY_Release_0.74
Remote version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Server also has ecdsa-sha2-nistp256/ssh-dss/ssh-rsa host keys, but we don't know any of them
Host key fingerprint is:
ssh-ed25519 255 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's ssh-ed25519 key fingerprint is:
ssh-ed25519 255 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) 

Currently ssh-audit only shows fingerprints in the form of a sha256 hash. Do you have any objection to also showing the md5 hash if the verbose (-v/--verbose) parameter has been provided?

I’ve built a proof-of-concept that I can share.

By the way, the Fingerprint class is already capable of producing an md5 hash, it’s just not currently used: https://github.com/jtesta/ssh-audit/blob/2f1a2a60b153509612a450173041fb698177dc45/src/ssh_audit/fingerprint.py#L33-L37

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 14 (14 by maintainers)
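
The two fingerprint formats discussed in the issue are both hashes of the same SSH public key blob, so a PuTTY-style MD5 value and a SHA256 value can be derived side by side. The sketch below is an added example, not ssh-audit's code; the function names are hypothetical and the sample key is constructed (an all-zero Ed25519 key, not a real host key).

```python
import base64
import hashlib
import struct


def build_sample_line() -> str:
    """Constructed sample: OpenSSH-format line for an all-zero Ed25519 key."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


SAMPLE_LINE = build_sample_line()


def parse_pubkey_line(line: str) -> tuple[str, bytes]:
    """Return (key type, key blob) from a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if name_len > len(blob) - 4:
        raise ValueError("truncated key blob")
    if blob[4:4 + name_len] != fields[0].encode("ascii"):
        raise ValueError("key type does not match the type inside the blob")
    return fields[0], blob


def md5_fingerprint(blob: bytes) -> str:
    """Legacy format shown by PuTTY 0.74: 16 colon-separated hex pairs."""
    digest = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob: bytes) -> str:
    """Current OpenSSH format: 'SHA256:' plus unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


if __name__ == "__main__":
    key_type, key_blob = parse_pubkey_line(SAMPLE_LINE)
    print(key_type, md5_fingerprint(key_blob))
    print(key_type, sha256_fingerprint(key_blob))
```
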

Top GitHub Comments

1 reaction
jtesta commented, May 20, 2021

Ok. Please have a look at 07862489c410e173c3f7017b2ca3ec70be172256. I made it output the MD5 hash in white instead of red.

0 reactions
jtesta commented, May 20, 2021

Great! Thanks for the help!!
