#2642 [RFE] Add support for enhanced SSHFP DNS records per RFC 6594
Closed: Fixed None Opened 12 years ago by jcholast.

RFC 6954 adds support for ECDSA keys and SHA-256 hashes to SSHFP records.


Major feature, belongs in 3.3 backlog for now. Kicking into needs triage to confirm.

Jan: RFC 6594 is supported in both OpenSSH and BIND versions available in F18. There is one minor issue with SHA-256 SSHFP records in nsupdate + bind-dyndb-ldap (formatting of the records in LDAP is not right; it does NOT affect functionality).

BIND splits long fingerprints with a single space after every 60 characters, but there is no way to enforce different formatting (without re-implementing the BIND formatting subsystem) => pspacek recommends handling whitespace in IPA CLI & WebUI

Changing 3.2 priority
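
The whitespace handling recommended above, as an added example (not FreeIPA's or BIND's code): it joins a fingerprint that arrives split into chunks, then validates it against the RFC 4255 / RFC 6594 algorithm and fingerprint-type numbers. The function names are hypothetical and the sample fingerprint is constructed.

```python
import hashlib
import re

# Code points from RFC 4255 (RSA, DSA, SHA-1) and RFC 6594 (ECDSA, SHA-256).
ALGORITHMS = {1: "RSA", 2: "DSA", 3: "ECDSA"}
# Fingerprint type -> (hash name, digest length in hex characters)
FP_TYPES = {1: ("SHA-1", 40), 2: ("SHA-256", 64)}

_HEX = re.compile(r"[0-9A-Fa-f]+")


def normalize_sshfp(rdata):
    """Parse 'ALGORITHM FP_TYPE FINGERPRINT' and return a canonical string.

    The fingerprint may be split by whitespace into several chunks;
    the chunks are joined before the length and hex checks.
    """
    parts = rdata.split()
    if len(parts) < 3:
        raise ValueError("expected: algorithm fp_type fingerprint")
    try:
        alg, fp_type = int(parts[0]), int(parts[1])
    except ValueError:
        raise ValueError("algorithm and fingerprint type must be integers") from None
    if alg not in ALGORITHMS:
        raise ValueError("unsupported algorithm %d" % alg)
    if fp_type not in FP_TYPES:
        raise ValueError("unsupported fingerprint type %d" % fp_type)
    fingerprint = "".join(parts[2:])
    name, length = FP_TYPES[fp_type]
    if not _HEX.fullmatch(fingerprint) or len(fingerprint) != length:
        raise ValueError("%s fingerprint must be %d hex digits" % (name, length))
    return "%d %d %s" % (alg, fp_type, fingerprint.upper())


def same_record(a, b):
    """True when two SSHFP values differ only in whitespace or hex case."""
    return normalize_sshfp(a) == normalize_sshfp(b)


# Constructed sample: a SHA-256 digest split after 60 characters.
SAMPLE_FP = hashlib.sha256(b"constructed sample host key").hexdigest().upper()
SPLIT_RDATA = "3 2 %s %s" % (SAMPLE_FP[:60], SAMPLE_FP[60:])
```

Rejecting a joined fingerprint whose length does not match its declared type keeps a truncated or mis-typed record from being stored as if it were valid.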

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 3.2 - 2013/01

7 years ago
