Blink: RSA fingerprint - Blink versus ssh-keygen

I think we are not generating that correctly. I will change to resemble what OpenSSH does.

Thanks. Is there any other way to securely connect to a remote host without being able to verify the fingerprint?

I tried importing the host's public key from another terminal app that already has a verified connection to that host. However, it seems I cannot add public host keys to Blink (correct me if I am wrong).

My point is, I now have an €20 app on my phone that I cannot use due to this bug.

It seems to be the SHA1 fingerprint encoded in hex instead of base64, with some extra bytes at the end of the checksum. Either ssh-fingerprint cuts off the SHA1 fingerprint, or blink has trailing garbage behind the checksum.
You can check with echo '<sha1 checksum in base64> | base64 -D | hexdump. Get the checksum with ssh-fingerprint -E sha1 ..

IIRC I commented about that on hacker news when blink was announced. Weird to see something so important get low priority for a long time.

Btw. SHA1 is known as broken as of today, so blink should really report SHA256 and nothing else.

It is actually on the libssh2 side, we are just misconfiguring it. Will do this myself and push on next version, which should be out in the next days. Really sorry about the delay, I will be prioritising all the backend issues for the next weeks.

So taking into consideration that we are gonna start to prioritise all the backend things (tunnels, auth methods, etc...), two things for the time being:

• @cjay Following OpenSSH, we are creating the fingerprint by base64 encoding the SHA1 hash. I tried to add SHA256 as I though it might be easy given that libssh2 already supports HMAC hashes there, but turns out nothing is easy with it. We will probably add this when we support ECDSA keys. Let me know if you think a different approach might be better.
• @christophberger - I have added a new and secret option (-h) to disable host key checks while we figure out what is going on. Blink's Host Key check isn't very strict, and it should always ask you whether or not you wanna go ahead, even if the check failed. I would love to have more info on what you are seeing from your side (probably running with -v would also help). It might be that the key sent by the server isn't supported.

This will all be out as soon as Apple approves :)

@carloscabanero Here is a -v output (with fake host name and IP address):

blink> ssh -v my.host.com
SSHSession:DEBUG:Connecting to my.host.com [5a07:3g4:a4c:d3ea::4] port 22.
Connected to 5a07:3g4:a4c:d3ea::4
The authenticity of host my.host.com (5a07:3g4:a4c:d3ea::4) can't be established.
RSA key fingerprint is 8a4fc4620a5f258aa0285708ab28942b222904e2
Are you sure you want to continue connecting (yes/no)?no
Could not connect to host: Host key verification failed.
blink> 

As you closed this issue, shall I open a new one?

Sorry, I did not close it, github did when I pushed the new changes. The new version is already available for testers and awaiting Apple's approval. I added the new option -h there. Let me know if you would be interested on using the TestFlight version too :)

I'm still seeing this, I believe. I just downloaded v12.3.70 (Dec 4 2018) from the iOS App Store. This surprises me, since at https://github.com/blinksh/blink/blob/12-stable/Sessions/SSHSession.m#L812 , it looks like it's supposed to report in base64 format. I have no idea why I'm seeing this in hex still. Am I missing something here?

The initial line from ssh thor (where thor is untrusted) is

Public key hash: 0c:d2:40:3c:f9:65:2e:95:17:66:0d:96:ed:59:24:c9:af:a5:bf:0e

This matches what I get from the description of the old format, a hex dump of the SHA1 instead of a base64 like OpenSSH produces (and BTW, OpenSSH doesn't discard two bytes; you need to append an = sign to get the padding right when you pass it to base64):

thor$ cd /etc/ssh
thor$ ssh-keygen -E sha1 -l -f ssh_host_ed25519_key.pub | sed -Ee 's/.*:([^ ]*).*/\1=/' | b64decode -r | hexdump -e '/1 "%02x:"' ; echo
0c:d2:40:3c:f9:65:2e:95:17:66:0d:96:ed:59:24:c9:af:a5:bf:0e:
thor$ 

(This is on FreeBSD; other OSs may need different commands.)

In the usual OpenSSH client, the key is reported as base64-encoded SHA256 by default, but ssh-keygen and ssh can report it in base64-encoded SHA1 if you ask them to. But nothing in OpenSSH seems to use the hex-encoded SHA1 that Blink is reporting.

thor$ ssh -o HostKeyAlgorithms=ssh-ed25519 localhost true
ED25519 key fingerprint is SHA256:BU3PR6W0uHZMJGezmMFLm0+5XiG2t8XY+SA7hh7L6Mk.
thor$ ssh -o FingerprintHash=sha1 -o HostKeyAlgorithms=ssh-ed25519 localhost true
ED25519 key fingerprint is SHA1:DNJAPPllLpUXZg2W7Vkkya+lvw4.
thor$ ssh-keygen -E sha256 -l -f ssh_host_ed25519_key.pub
256 SHA256:BU3PR6W0uHZMJGezmMFLm0+5XiG2t8XY+SA7hh7L6Mk root@thor (ED25519)
thor$ ssh-keygen -E sha1 -l -f ssh_host_ed25519_key.pub
256 SHA1:DNJAPPllLpUXZg2W7Vkkya+lvw4 root@thor (ED25519)

I have no idea where this hex version of the hash is coming from; it seems that you switched to base64 two years ago in 32959221300e5cdb3609c246b284aae9081fd341. Am I missing something?

I am having a similar problem.

Getting the following message:

Host Key for server changed. Ed25519 key fingerprint is SHA256:iiVg4ZbCtO6+b2rvTN3DfPWP3oTXV2mYE3w1n9jdRdw. For security reason, connection will be stopped.

ssh + mosh works fine from my laptop. Not working via Blink app.

Hey,
To resolve the issue follow this steps:

1. Open Blink
2. next we need to remove the files within .ssh (in my case i deleted known_hosts)
3. use 'ls -a' within blink to see hidden folders
4. cd .shh
5. rm -rf ./known_hosts

now retry to connect to your remote server
it should rework again

regards
schr3da

It is also possible to remove just one record

1. cat .ssh/known_hosts (find a record you want to remove, for instance, I want to remove 10.0.1.25)
2. awk '!/10.0.1.25/' .ssh/known_hosts > hosts
3. mv hosts .ssh/known_hosts

Thanks for the replies schr3da and yury. I was able to fix the issue by removing the known_hosts file.
To help clarify the issue for other users, does it make sense for blink to suggest removing the known_hosts file? Something like:
Host Key for server changed. Ed25519 key fingerprint is SHA256:iiVg4ZbCtO6+b2rvTN3DfPWP3oTXV2mYE3w1n9jdRdw. For security reason, connection will be stopped. This error maybe fixed by removing record in .ssh/known_hosts associated with the host you are trying to connect to.

Removing the known_hosts file is not really a fix as it will force you to accept all the other servers you have configured again. Ideally we should have a tiny built in editor so we can do stuff like this (or awk). Or maybe fix ssh-keygen -R

FWIW, Blink contains sed, a line editor. I managed to find and remove the offending host entry with this command:

sed '/^wronghost/d' .ssh/known_hosts >.ssh/known_hosts2

(Replace wronghost with the host name or IP address of the offending host entry. Ensure to keep the caret ^ that matches the beginning of the line.)

Then I verified the new file with cat:

cat .ssh/known_hosts2

and mved it over the original file:

mv .ssh/known_hosts2 .ssh/known_hosts