OpenSSH switched from MD5-based fingerprints to SHA256 ones with OpenSSH 6.8 more than 6 years ago:
https://www.openssh.com/txt/release-6.8
GnuPG already supports the new fingerprints, but still defaults to MD5, so I think it is probably time to switch over.
The following change should do the job. Locally it passes tests for me:
commit 490c8cb8734a74b2f1f85ce6d71381a283e2bb29
Author: Jakub Jelen <jjelen@redhat.com>
Date: Tue May 11 14:24:16 2021 +0200
agent: Use SHA256 for SSH fingerprints by default
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 8f504191b..2d85c070c 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -869,7 +869,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
memset (opt.disable_daemon, 0, sizeof opt.disable_daemon);
disable_check_own_socket = 0;
/* Note: When changing the next line, change also gpgconf_list. */
- opt.ssh_fingerprint_digest = GCRY_MD_MD5;
+ opt.ssh_fingerprint_digest = GCRY_MD_SHA256;
opt.s2k_count = 0;
set_s2k_calibration_time (0); /* Set to default. */
return 1;
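Review bot: The comment directly above the changed assignment says "When changing the next line, change also gpgconf_list", but the patch consists of this single hunk in parse_rereadable_options with no matching gpgconf_list change, so the two defaults may now disagree. Please update gpgconf_list in the same commit, and check whether the documentation of the ssh fingerprint digest default still names MD5. The commit message would also benefit from one sentence noting that fingerprints shown to users switch from the MD5 form to the SHA256 form, since anyone comparing against a previously recorded MD5 fingerprint will see a different value after this change.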