Index: sftp/kio_sftp.cpp =================================================================== --- sftp/kio_sftp.cpp +++ sftp/kio_sftp.cpp @@ -648,9 +648,10 @@ QString msg; // msg for dialog box QString caption; // dialog box caption unsigned char *hash = nullptr; // the server hash - ssh_key srv_pubkey; - char *hexa; size_t hlen; + ssh_key srv_pubkey = nullptr; + const char *srv_pubkey_type = nullptr; + char *fingerprint = nullptr; int rc, state; // Attempt to start a ssh session and establish a connection with the server. @@ -668,14 +669,34 @@ return; } + srv_pubkey_type = ssh_key_type_to_char(ssh_key_type(srv_pubkey)); + if (srv_pubkey_type == nullptr) { + ssh_key_free(srv_pubkey); + error(KIO::ERR_SLAVE_DEFINED, + i18n("Could not get server public key type name")); + closeConnection(); + return; + } + rc = ssh_get_publickey_hash(srv_pubkey, - SSH_PUBLICKEY_HASH_SHA1, - &hash, - &hlen); + SSH_PUBLICKEY_HASH_SHA256, + &hash, + &hlen); ssh_key_free(srv_pubkey); if (rc < 0) { error(KIO::ERR_SLAVE_DEFINED, - i18n("Could not create hash from server public key")); + i18n("Could not create hash from server public key")); + closeConnection(); + return; + } + + fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA256, + hash, + hlen); + ssh_string_free_char((char *)hash); + if (fingerprint == nullptr) { + error(KIO::ERR_SLAVE_DEFINED, + i18n("Could not create fingerprint for server public key")); closeConnection(); return; } 
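Review bot: The digest buffer filled by `ssh_get_publickey_hash()` is released with `ssh_string_free_char((char *)hash)`, which needs a cast and leaves `hash` pointing at freed memory for the rest of the function. libssh provides `ssh_clean_pubkey_hash(&hash);` for exactly this buffer, and as far as I know it also resets the pointer to null. Separately, `srv_pubkey_type` is read in the later host-key switch after `ssh_key_free(srv_pubkey)` has run; that is only safe if `ssh_key_type_to_char()` returns a static name rather than a pointer into the key, which I believe it does. A comment such as `// static type name, remains valid after ssh_key_free()` above that call would record the assumption. The enclosing function starts and ends outside the hunk.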
@@ -688,36 +709,39 @@ case SSH_SERVER_KNOWN_OK: break; case SSH_SERVER_FOUND_OTHER: - ssh_string_free_char((char *)hash); - error(KIO::ERR_SLAVE_DEFINED, i18n("The host key for this server was " + ssh_string_free_char(fingerprint); + error(KIO::ERR_SLAVE_DEFINED, i18n("An %1 key for this server was " "not found, but another type of key exists.\n" "An attacker might change the default server key to confuse your " "client into thinking the key does not exist.\n" - "Please contact your system administrator.\n%1", QString::fromUtf8(ssh_get_error(mSession)))); + "Please contact your system administrator.\n%2", + QString::fromUtf8(srv_pubkey_type), + QString::fromUtf8(ssh_get_error(mSession)))); closeConnection(); return; case SSH_SERVER_KNOWN_CHANGED: - hexa = ssh_get_hexa(hash, hlen); - ssh_string_free_char((char *)hash); - /* TODO print known_hosts file, port? */ error(KIO::ERR_SLAVE_DEFINED, i18n("The host key for the server %1 has changed.\n" "This could either mean that DNS SPOOFING is happening or the IP " "address for the host and its host key have changed at the same time.\n" - "The fingerprint for the key sent by the remote host is:\n %2\n" - "Please contact your system administrator.\n%3", - mHost, QString::fromUtf8(hexa), QString::fromUtf8(ssh_get_error(mSession)))); - ssh_string_free_char(hexa); + "The fingerprint for the key sent by the remote host is:\n" + " SHA256:%2\n" + "Please contact your system administrator.\n" + "%3", + mHost, + QString::fromUtf8(fingerprint), + QString::fromUtf8(ssh_get_error(mSession)))); + ssh_string_free_char(fingerprint); closeConnection(); return; case SSH_SERVER_FILE_NOT_FOUND: case SSH_SERVER_NOT_KNOWN: - hexa = ssh_get_hexa(hash, hlen); - ssh_string_free_char((char *)hash); caption = i18n("Warning: Cannot verify host's identity."); msg = i18n("The authenticity of host %1 cannot be established.\n" - "The key fingerprint is: %2\n" - "Are you sure you want to continue connecting?", mHost, hexa); - ssh_string_free_char(hexa); 
+ "The key fingerprint is: SHA256:%2\n" + "Are you sure you want to continue connecting?", + mHost, + fingerprint); + ssh_string_free_char(fingerprint); if (KMessageBox::Yes != messageBox(WarningYesNo, msg, caption)) { closeConnection(); @@ -734,7 +758,7 @@ } break; case SSH_SERVER_ERROR: - ssh_string_free_char((char *)hash); + ssh_string_free_char(fingerprint); error(KIO::ERR_SLAVE_DEFINED, QString::fromUtf8(ssh_get_error(mSession))); return; }
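Review bot: The literal `SHA256:` added in front of `%2` in the `SSH_SERVER_KNOWN_CHANGED` and `SSH_SERVER_NOT_KNOWN` messages will probably be shown twice, because libssh's `ssh_get_fingerprint_hash()`, as far as I recall, already returns the string with its algorithm prefix; confirm this against the libssh version the build targets. A doubled prefix makes the value harder to compare with a fingerprint obtained out of band, so the lines would read `" %2\n"` and `"The key fingerprint is: %2\n"`. The `SSH_SERVER_NOT_KNOWN` branch also passes the raw `char *` to `i18n()` where the other branches convert explicitly; `QString::fromUtf8(fingerprint));` would match them. `SSH_SERVER_KNOWN_OK` leaves the switch without freeing `fingerprint`, which leaks unless it is released after the switch. The switch begins and ends outside the hunk, so that cannot be checked here.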
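Review bot: The `SSH_SERVER_ERROR` branch reports the error and returns without calling `closeConnection()`, whereas every other failing branch of this switch visible in the patch closes the connection before returning. Unless the caller tears the session down on this path, a session whose host key check itself failed is left open. Adding `closeConnection();` between the `error(...)` call and `return;` would make the branch consistent and keeps `ssh_get_error(mSession)` evaluated while the session still exists. The switch begins outside this hunk.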