author | Stanislav Laznicka <slaznick@redhat.com> | 2016-12-12 16:59:48 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-01-12 11:09:46 +0100 |
commit | 721105c53de6fbc0abc7799ec7f48920e02089bd (patch) | |
tree | 6d1f615ea5d5bc1425a6c944427941d6af5179c0 /ipapython/ssh.py | |
parent | 566c86a782bfd7d50938866e9f89faf56cea773f (diff) | |
Generate sha256 ssh pubkey fingerprints for hosts
Replace md5 with sha256 for host ssh pubkey fingerprints
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Diffstat (limited to 'ipapython/ssh.py')
-rw-r--r-- | ipapython/ssh.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/ipapython/ssh.py b/ipapython/ssh.py
index c76cf51e4..57752aedc 100644
--- a/ipapython/ssh.py
+++ b/ipapython/ssh.py
@@ -25,8 +25,8 @@ SSH utilities.
 import base64
 import re
 import struct
-from hashlib import md5, sha1
-from hashlib import sha256 #pylint: disable=E0611
+from hashlib import sha1
+from hashlib import sha256 # pylint: disable=E0611

 import six

@@ -190,10 +190,11 @@ class SSHPublicKey(object):

 return out

- def fingerprint_hex_md5(self):
- fp = md5(self._key).hexdigest().upper()
- fp = u':'.join([fp[j:j+2] for j in range(0, len(fp), 2)])
- return fp
+ def fingerprint_hex_sha256(self):
+ # OpenSSH trims the trailing '=' of base64 sha256 FP representation
+ # Using unicode argument converts the result to unicode object
+ fp = base64.b64encode(sha256(self._key).digest()).rstrip(u'=')
+ return 'SHA256:{fp}'.format(fp=fp)

 def _fingerprint_dns(self, fpfunc, fptype):
 if self._keytype == 'ssh-rsa': |
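Review bot: In the new `fingerprint_hex_sha256`, `base64.b64encode()` returns `bytes` on Python 3, so `.rstrip(u'=')` raises `TypeError` there; the implicit conversion described in the second comment only happens on Python 2. The module imports `six`, which suggests Python 3 is a target, so strip with a bytes argument and decode explicitly: `fp = base64.b64encode(sha256(self._key).digest()).rstrip(b'=').decode('ascii')`. On Python 2 the `'SHA256:{fp}'.format(...)` call also returns a byte `str`, whereas the removed MD5 method returned `unicode`; `u'SHA256:{fp}'.format(fp=fp)` would keep the return type consistent for callers. The second comment should then be replaced with one saying the digest is decoded to text explicitly.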