[Savannah-cvs] [313] SshAccess: Updated host keys
From: bob
Subject: [Savannah-cvs] [313] SshAccess: Updated host keys
Date: Mon, 13 Feb 2017 15:40:14 -0500 (EST)
Revision: 313
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=313
Author: rwp
Date: 2017-02-13 15:38:06 -0500 (Mon, 13 Feb 2017)
Log Message:
-----------
SshAccess: Updated host keys
Modified Paths:
--------------
trunk/sviki/SshAccess.mdwn
Modified: trunk/sviki/SshAccess.mdwn
===================================================================
--- trunk/sviki/SshAccess.mdwn 2017-02-12 05:49:12 UTC (rev 312)
+++ trunk/sviki/SshAccess.mdwn 2017-02-13 20:38:06 UTC (rev 313)
@@ -120,8 +120,7 @@
If you get a warning about a fingerprint change, you can check the host
fingerprint you have stored with for example:
- $ ssh-keygen -l -F git.sv.gnu.org
- 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5
|1|wU2ra57xIdkRXsEfm1DRa50balE=|G1xDRrb9dpIwjfvx7D9+cRwZl4Q= (RSA)
+ $ ssh-keygen -l -F git.savannah.gnu.org
Your `~/.ssh/known_hosts` file may have hostnames either plain or
hashed. The newer default is hashed and the hostname will display as
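Review bot: The replacement command looks up only git.savannah.gnu.org, but ssh-keygen -F searches known_hosts for the name as given, so a reader whose entry was stored under git.sv.gnu.org (the name in the removed line) gets no output and may conclude that nothing is stored. Suggest saying that the lookup should use whichever host name the reader actually connects with, or showing both names. The sample output was also removed together with the old command, while the paragraph that follows still describes how the hostname "will display"; keeping one line of sample output for the new command would keep that explanation tied to something the reader can see.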
@@ -131,15 +130,30 @@
Note that newer ssh defaults to SHA256 rather than MD5 now. In those
cases you may need to add -Emd5 in order to show the MD5 version.
-At some point vcs.sv.gnu.org will be updated to enable ECDSA and at
-that time you will start to see ECDSA signatures. Almost certainly
-this documentation will lag behind and need updating after that has
-happened. If so please report it so that we will remember to update it.
+The keys currently in use on vcs.savannah.gnu.org are the following,
+reported in all of the many various formats.
-The key currently in use on vcs.sv.gnu.org is:
+ 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA)
+ 256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA)
+ 256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519)
- 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 git.sv.gnu.org (RSA)
+ 1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA)
+ 256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA)
+ 256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519)
+Here are samples of ~/known_hosts file entries that would be created
+upon TOFU (Trust On First Use) by ssh when connecting to the version
+control system server. Here I a giving an example without
+HashKnownHosts set because showing the hash here would not be useful
+for an example. The `HOSTNAME.or.HASH.here` is meant as a generic
+holder for that field because your system will have something
+different there and there are too many possible host names to document
+all of them.
+
+ HOSTNAME.or.HASH.here ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=
+ HOSTNAME.or.HASH.here ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA=
+ HOSTNAME.or.HASH.here ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ
+
On the server-side (for Savannah Hackers):
address@hidden:/# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
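Review bot: The added paragraph introducing the sample entries names the file as ~/known_hosts, while the text earlier on this page uses `~/.ssh/known_hosts`; use the full path so that readers compare against the right file. The same paragraph has a typo: "Here I a giving" should read "Here I am giving". Since the page now lists RSA, ECDSA and ED25519 keys, the server-side section in the trailing context shows only /etc/ssh/ssh_host_rsa_key; if the commands that follow do not already cover the other two host key files, add them so that Savannah Hackers can reproduce all of the fingerprints listed here.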