savannah-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-cvs] [313] SshAccess: Updated host keys


From: bob
Subject: [Savannah-cvs] [313] SshAccess: Updated host keys
Date: Mon, 13 Feb 2017 15:40:14 -0500 (EST)

Revision: 313
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=313
Author:   rwp
Date:     2017-02-13 15:38:06 -0500 (Mon, 13 Feb 2017)
Log Message:
-----------
SshAccess: Updated host keys

Modified Paths:
--------------
    trunk/sviki/SshAccess.mdwn

Modified: trunk/sviki/SshAccess.mdwn
===================================================================
--- trunk/sviki/SshAccess.mdwn  2017-02-12 05:49:12 UTC (rev 312)
+++ trunk/sviki/SshAccess.mdwn  2017-02-13 20:38:06 UTC (rev 313)
@@ -120,8 +120,7 @@
 If you get a warning about a fingerprint change, you can check the host
 fingerprint you have stored with for example:
 
-    $ ssh-keygen -l -F git.sv.gnu.org
-    1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 
|1|wU2ra57xIdkRXsEfm1DRa50balE=|G1xDRrb9dpIwjfvx7D9+cRwZl4Q= (RSA)
+    $ ssh-keygen -l -F git.savannah.gnu.org
 
 Your `~/.ssh/known_hosts` file may have hostnames either plain or
 hashed.  The newer default is hashed and the hostname will display as
@@ -131,15 +130,30 @@
 Note that newer ssh defaults to SHA256 rather than MD5 now.  In those
 cases you may need to add -Emd5 in order to show the MD5 version.
 
-At some point vcs.sv.gnu.org will be updated to enable ECDSA and at
-that time you will start to see ECDSA signatures.  Almost certainly
-this documentation will lag behind and need updating after that has
-happened.  If so please report it so that we will remember to update it.
+The keys currently in use on vcs.savannah.gnu.org are the following,
+reported in all of the many various formats.
 
-The key currently in use on vcs.sv.gnu.org is:
+  1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA)
+  256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA)
+  256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519)
 
-  1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 git.sv.gnu.org (RSA)
+  1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA)
+  256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA)
+  256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519)
 
+Here are samples of ~/known_hosts file entries that would be created
+upon TOFU (Trust On First Use) by ssh when connecting to the version
+control system server.  Here I a giving an example without
+HashKnownHosts set because showing the hash here would not be useful
+for an example.  The `HOSTNAME.or.HASH.here` is meant as a generic
+holder for that field because your system will have something
+different there and there are too many possible host names to document
+all of them.
+
+  HOSTNAME.or.HASH.here ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=
+  HOSTNAME.or.HASH.here ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA=
+  HOSTNAME.or.HASH.here ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ
+
 On the server-side (for Savannah Hackers):
 
     address@hidden:/# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key




reply via email to

[Prev in Thread] Current Thread [Next in Thread]