Only SHA256 fingerprints are calculated - no MD5 and SHA512 #156

Closed
hmaier1996 opened this issue Oct 17, 2022 · 3 comments

@hmaier1996

When scanning a remote server, only the sha256 fingerprints are shown.

It would make sense to calculate the fingerprint with different hash algorithms, because not every client uses a sha256 hash for fingerprint calculation.

The following hash algorithms should be used:

  • MD5 (deprecated but there are still clients which are using MD5)
  • SHA512 (rarely used but some clients exist which are using SHA512 fingerprints)

I know those algorithms are not common, but as long as some clients are using those, ssh-audit should calculate the fingerprints.

@thecliguy
Contributor

The MD5 fingerprint is already handled - but it's only shown if you use -v / --verbose.

JSON output will always include MD5 because it implicitly invokes verbosity.

This is an intentional design decision to avoid cluttering the output with something that doesn't have mainstream appeal.

For the background, see #102.

@jtesta
Owner

jtesta commented Oct 27, 2022

@hmaier1996 : as @thecliguy mentioned, you can still get the MD5 hash with the -v / --verbose flag. It is intentionally hidden by default since MD5 hashes are insecure for the use case of authenticating the server.

What clients show SHA512 by default? At the moment, I'd rather not clutter up the UI to accommodate special cases, but I wouldn't mind adding SHA512 hashes to verbose output.

@jtesta
Owner

jtesta commented Mar 21, 2023

Closing this, since we didn't get a response regarding clients that use SHA-512 fingerprints.

@jtesta jtesta closed this as completed Mar 21, 2023
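
For readers who need to compare a host key against a client that displays a different hash, the following is an added example (not part of the thread and not ssh-audit's code). It computes the MD5, SHA256 and SHA512 fingerprints of an OpenSSH public key line, using OpenSSH's `MD5:` colon-hex and `SHA256:` unpadded-base64 display styles (SHA512 is rendered in the same base64 style as an assumption), and reports which hash matches a fingerprint a client showed. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str) -> bytes:
    """Return the raw key blob from an OpenSSH '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    if not blob.startswith(ssh_string(fields[0].encode("ascii"))):
        raise ValueError("key type inside the blob does not match the line")
    return blob


def fingerprints(blob: bytes) -> dict:
    """MD5 as colon-separated hex, SHA-2 as unpadded base64 (OpenSSH display style)."""
    def b64(digest):
        return base64.b64encode(digest).decode("ascii").rstrip("=")
    md5_hex = hashlib.md5(blob).hexdigest()
    return {
        "MD5": "MD5:" + ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "SHA256": "SHA256:" + b64(hashlib.sha256(blob).digest()),
        "SHA512": "SHA512:" + b64(hashlib.sha512(blob).digest()),
    }


def match_fingerprint(blob: bytes, shown: str):
    """Return the hash name whose fingerprint equals what a client displayed, else None."""
    shown = shown.strip()
    if ":" in shown and shown.split(":", 1)[0].upper() not in ("MD5", "SHA256", "SHA512"):
        shown = "MD5:" + shown.lower()  # legacy clients print bare colon-separated MD5 hex
    for name, value in fingerprints(blob).items():
        if hmac.compare_digest(value.encode(), shown.encode()):
            return name
    return None


# Constructed sample key (32 fixed bytes, not a real host key).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example"
```
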