| commit | e9dd22965ec7fbd99376e717e6d7895d23c0a74f | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Sat, 23 Jan 2021 01:13:23 +0000 (22 18:13 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Sat, 23 Jan 2021 01:13:23 +0000 (22 18:13 -0700) | ||
| tree | 3ac55cf64cbcc7096fd5315ff8e5854cbe6cb613 | treesnapshot (tar.gz zip) |
| parent | 70676f658627f263224f6df532646a5aa9e87e57 | commitdiff |
keyinfo: update ssh-keygen info to reflect current versions
Since OpenSSH 6.8p1 (released 2015-03-18), the default fingerprint
shown for public keys has been changed and a new option (-E) added
to select the fingerprint being used.
Go ahead and mention the needed option and argument (-E md5) in
order to make ssh-keygen show the same fingerprint that reguser.cgi
and edituser.cgi do.
While it's certainly possible that clients are using a version of
OpenSSH prior to 6.8p1, don't bother trying to point out that the
`-E` option and argument should be omitted with such older versions.
Older less secure SSH protocols are being phased out and at least
OpenSSH version 7.2p1 is required in order to have support for the
newer "rsa-sha2-256" public key algorithm (see RFC 8332). Since
the `-E` option was added as of OpenSSH version 6.8p1, if support
for the newer more secure protocols is available, then so too will
be support for the `-E` option.
In any case, attempting to use the `-E` option with a pre-6.8p1
version of OpenSSH will conveniently show an "illegal option" message
and a list of allowed options.
The excessive clutter of trying to explain all that concisely in the
various places the "ssh-keygen -l" text appears can therefore be
avoided with very little impact.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
Since OpenSSH 6.8p1 (released 2015-03-18), the default fingerprint
shown for public keys has been changed and a new option (-E) added
to select the fingerprint being used.
Go ahead and mention the needed option and argument (-E md5) in
order to make ssh-keygen show the same fingerprint that reguser.cgi
and edituser.cgi do.
While it's certainly possible that clients are using a version of
OpenSSH prior to 6.8p1, don't bother trying to point out that the
`-E` option and argument should be omitted with such older versions.
Older less secure SSH protocols are being phased out and at least
OpenSSH version 7.2p1 is required in order to have support for the
newer "rsa-sha2-256" public key algorithm (see RFC 8332). Since
the `-E` option was added as of OpenSSH version 6.8p1, if support
for the newer more secure protocols is available, then so too will
be support for the `-E` option.
In any case, attempting to use the `-E` option with a pre-6.8p1
version of OpenSSH will conveniently show an "illegal option" message
and a list of allowed options.
The excessive clutter of trying to explain all that concisely in the
various places the "ssh-keygen -l" text appears can therefore be
avoided with very little impact.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| Girocco/SSHUtil.pm | diffblobblamehistory | |
| cgi/edituser.cgi | diffblobblamehistory | |
| cgi/reguser.cgi | diffblobblamehistory | |
| toolbox/usertool.pl | diffblobblamehistory |