OpenSSH switched from MD5-based fingerprints to SHA256 ones with OpenSSH 6.8 more than 6 years ago:
The GnuPG already supports the new fingerprints, but still defaults to MD5 so I think it is probably time to switch over.
The following change should do the job. Locally it passes tests for me:
commit 490c8cb8734a74b2f1f85ce6d71381a283e2bb29 Author: Jakub Jelen <firstname.lastname@example.org> Date: Tue May 11 14:24:16 2021 +0200 agent: Use SHA256 for SSH fingerprints by default Signed-off-by: Jakub Jelen <email@example.com> diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 8f504191b..2d85c070c 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -869,7 +869,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread) memset (opt.disable_daemon, 0, sizeof opt.disable_daemon); disable_check_own_socket = 0; /* Note: When changing the next line, change also gpgconf_list. */ - opt.ssh_fingerprint_digest = GCRY_MD_MD5; + opt.ssh_fingerprint_digest = GCRY_MD_SHA256; opt.s2k_count = 0; set_s2k_calibration_time (0); /* Set to default. */ return 1;