Ed25519 and MD5 fingerprints for the new Lish gateways

[mnordhoff]

The Lish guide was updated with new SSH host key fingerprints in #2310. The new ones are SHA-256 fingerprints of the RSA and ECDSA keys.

I have two issues with that, of differing importance:

• The gateways support Ed25519, the newest and best SSH key format, which modern clients use by default, but fingerprints for the keys aren't provided.

$ ssh lish-fremont.linode.com
The authenticity of host 'lish-fremont.linode.com (2600:3c01::f03c:91ff:fec5:3a0b)' can't be established.
ED25519 key fingerprint is SHA256:OX3imiePFMl6d5N+IaYhGZQ07nuApcUgnd2YRbFNKH0.
Are you sure you want to continue connecting (yes/no)?

• In the opposite direction, I would appreciate it if MD5 fingerprints were also listed. MD5 is old and bad, but not insecure for this purpose, and old and bad clients -- like Ubuntu 14.04, which goes EOL in April, but isn't EOL yet -- still require it.

You can generate them with modern OpenSSH with e.g.:

$ ssh-keygen -lE md5 -f /etc/ssh/ssh_host_ed25519_key.pub 
256 MD5:f1:d3:21:6a:9c:b6:07:6a:e2:77:bf:a0:be:72:55:0b root@li1073-94 (ED25519)

Thank you. <3

[andystevensname]

@mnordhoff ,

Thanks for raising this issue. We've added the information and are including it in our next release.