Open a-jackson opened 8 months ago
Intentional, maybe? `HostKeyName` is not really documented but currently returns the signature format identifier which is usually the same as the key format identifier: the key format identifier for RSA keys is `ssh-rsa` and the signature format identifier for a SHA1 signature is also `ssh-rsa`.
`rsa-sha2-256` and `rsa-sha2-512` which is what your server has given us.
As to whether `HostKeyName` should return the key format identifier or signature format identifier, I don't really know. What do you use it for?
We compare the name, length and fingerprint match against what we expect for each connection to set CanTrust and so with this change the name no longer matches. Probably not really necessary to compare more than the fingerprint though 🤷
Indeed, the SHA2 fingerprint is enough (`HostKeyEventArgs.FingerPrintSHA256`). That would be the easiest fix here, until someone willing is convinced `HostKeyName` should change.
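The fingerprint-only check suggested above, as an added example that is not code from this thread or from the SSH.NET project: a `HostKeyReceived` handler that sets `CanTrust` from `FingerPrintSHA256` alone and treats `HostKeyName` as diagnostic output. The class name `PinnedHostKey`, the placeholder fingerprint, and the unpadded-base64 form of the fingerprint string are assumptions.

```csharp
using System;
using Renci.SshNet;
using Renci.SshNet.Common;

public static class PinnedHostKey
{
    // Placeholder (assumption): the server's SHA-256 host key fingerprint,
    // recorded out of band, as the base64 text that follows "SHA256:".
    private const string ExpectedSha256 = "<EXPECTED-SHA256-FINGERPRINT>";

    // Strip an optional "SHA256:" prefix and base64 padding so that values
    // copied from different tools compare equal.
    private static string Normalize(string fingerprint)
    {
        var value = (fingerprint ?? string.Empty).Trim();
        if (value.StartsWith("SHA256:", StringComparison.Ordinal))
        {
            value = value.Substring("SHA256:".Length);
        }
        return value.TrimEnd('=');
    }

    public static bool IsPinned(string presented, string expected)
    {
        var a = Normalize(presented);
        var b = Normalize(expected);
        // Fail closed on an empty or unconfigured pin.
        if (a.Length == 0 || b.Length == 0)
        {
            return false;
        }
        // Base64 is case sensitive: never compare with IgnoreCase.
        return string.Equals(a, b, StringComparison.Ordinal);
    }

    public static void Attach(SshClient client)
    {
        client.HostKeyReceived += (object sender, HostKeyEventArgs e) =>
        {
            // The fingerprint identifies the key whichever signature
            // algorithm was negotiated, so it is the only trust input.
            e.CanTrust = IsPinned(e.FingerPrintSHA256, ExpectedSha256);

            // Informational only: for the same RSA key this may read
            // ssh-rsa, rsa-sha2-256 or rsa-sha2-512.
            Console.WriteLine($"host key name={e.HostKeyName} trusted={e.CanTrust}");
        };
    }
}
```

Call `PinnedHostKey.Attach(client)` before `client.Connect()` so the handler is in place when the host key arrives.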
In the `HostKeyReceived` event the `HostKeyName` used to be `ssh-rsa` but now it is `rsa-ssh2-512`. It appears this was changed in #1177.
Is this an intentional change because the host key hasn't changed and the fingerprint hasn't changed?
`ssh -vv` hosts the host key with the same name as before, ssh-rsa.