IETF-SSH archive


Re: How to handle incorrectly-encoded public keys



>>> ["rsa-sha2-256" as a public-key initial string]
>> I would expect my implementation would reject the key because
>> none of the key format modules accept it
> That's what my code currently does too, but presumably someone is
> accepting the incorrect format (and not noticing that key
> fingerprints don't match) because something must be connecting to it,

How would the key fingerprints not match?  Fingerprint the key once,
fingerprint it again, I'd expect ~every implementation to get the same
fingerprint each time.  Indeed, for fingerprints to be useful it would
have to.

If you're trying to fingerprint it and then fingerprint the similar key
which is identical except that it calls itself ssh-rsa, yes, the
fingerprints should differ.  But I suspect the latter key "doesn't
exist", certainly is never sent by anyone to anyone, meaning there'd be
no difference to notice.

>> Did you see this as a host key, or as a key offered for publickey
>> authentication, or what?
> It's the host key.  [...]

If it's accessible at a globally-routed IP you can point me to, I could
try to connect to it to see what moussh does....

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
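
Added example, not part of the original message or of any implementation named in the thread: it builds the same RSA public key blob twice, once with "ssh-rsa" and once with "rsa-sha2-256" as the initial string, to show that each blob fingerprints stably but the two differ, and that a parser keyed on known format names rejects the second. The helper names, the sample integers and the OpenSSH-style SHA-256 fingerprint display are assumptions of this sketch.

```python
import base64
import hashlib
import struct

# RFC 8332: "rsa-sha2-256" names a signature algorithm; the RSA key format
# name at the start of the public key blob is still "ssh-rsa".
KEY_FORMATS = {b"ssh-rsa"}  # assumption: this sketch only knows RSA keys

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    """RFC 4251 mpint for a positive integer (leading zero if high bit set)."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def rsa_blob(name: bytes, e: int, n: int) -> bytes:
    return ssh_string(name) + mpint(e) + mpint(n)

def key_format(blob: bytes) -> bytes:
    """Return the blob's initial string, rejecting unknown key formats."""
    if len(blob) < 4:
        raise ValueError("blob too short for a length prefix")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("initial string runs past end of blob")
    name = blob[4:4 + length]
    if name not in KEY_FORMATS:
        raise ValueError(f"unsupported key format {name!r}")
    return name

def fingerprint(blob: bytes) -> str:
    """SHA-256 over the whole blob, unpadded base64 (OpenSSH display style)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample values, not a real key: only the encoding matters here.
E, N = 65537, (1 << 2047) | 0x1234567
GOOD = rsa_blob(b"ssh-rsa", E, N)
MISLABELLED = rsa_blob(b"rsa-sha2-256", E, N)

if __name__ == "__main__":
    print(fingerprint(MISLABELLED))   # stable across runs for the same bytes
    print(fingerprint(GOOD))          # differs: the name is part of the hash
    try:
        key_format(MISLABELLED)
    except ValueError as err:
        print("rejected:", err)
```
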


