Re: [Savannah-hackers-public] new vcs server ssh host key fingerprint
From: Bob Proulx
Subject: Re: [Savannah-hackers-public] new vcs server ssh host key fingerprint
Date: Fri, 13 Jan 2017 00:40:33 -0700
User-agent: NeoMutt/20161126 (1.7.1)
Hello Mike,
Mike Miller wrote:
> Please cc me in replies, I am not subscribed.
...
> In a previous thread on this list, I see discussion of moving to the new
> server with new ssh host keys, but I haven't been able to find an actual
> fingerprint published anywhere.
The discussion about ssh host keys is:
http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00021.html
http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00022.html
http://lists.gnu.org/archive/html/savannah-hackers-public/2016-11/msg00000.html
Because of the flexibility to be able to switch back and forth while
working on the various version control systems we went with option 3
described there. (And we have used that capability a few times
already.) I cloned the old host keys onto the new system. Therefore
if you have the hostnames in your known_hosts for the previous system
you should not get a key change warning using the same hostname on the
new system. If your ssh warns on IP address changes that will be the
only difference.
However once the migration is complete, still some ways off, we plan
on regenerating new host keys of a longer length. The previous keys
are 1024 bits long and certainly longer keys are desirable today.
In the meantime if you clear your entry for a service on the new host
then upon connecting again your ssh client should negotiate the newer
key ciphers.
> Can you post the new server's fingerprint, preferably both the md5 and
> sha256 fingerprints, or point me to where they are posted?
1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA)
256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA)
256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519)
1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA)
256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA)
256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519)
hg.savannah.gnu.org ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=
hg.savannah.gnu.org ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA=
hg.savannah.gnu.org ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ
The RSA key is the same on both servers. The old server does not have
the newer ciphers.
> Eventually it would be good to update
> https://savannah.gnu.org/maintenance/SshAccess/, but I understand this
> migration is still a work in progress.
Agreed. Unfortunately the documentation in general is a target rich
environment for improvement. The documentation is definitely an area
where anyone could jump in and help significantly.
Bob
signature.asc
Description: PGP signature
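
Added example, not part of the original message or of Savannah's own tooling: a Python sketch that derives the MD5 and SHA256 fingerprint formats discussed above from a known_hosts entry, so an entry can be compared with fingerprints published out of band before it is trusted. The entry and the posted fingerprints are copied from the message; the function names are assumptions of this example.

```python
import base64, hashlib, struct

# known_hosts entry for the ED25519 key, copied from the message above.
KNOWN_HOSTS_LINE = ("hg.savannah.gnu.org ssh-ed25519 "
    "AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ")
# Fingerprints posted in the message for the ED25519 key.
POSTED = {"md5": "14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82",
          "sha256": "SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4"}

def read_fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def describe(line):
    """Return host, key type, bit length and both fingerprints for one entry."""
    host, declared, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    key_type = fields[0].decode("ascii")
    if key_type != declared:
        raise ValueError("key type inside the blob does not match the entry")
    if key_type == "ssh-rsa":            # fields: type, exponent e, modulus n
        bits = int.from_bytes(fields[2], "big").bit_length()
    elif key_type == "ssh-ed25519":      # fields: type, 32-byte public key
        bits = len(fields[1]) * 8
    elif key_type.startswith("ecdsa-sha2-nistp"):
        bits = int(key_type[len("ecdsa-sha2-nistp"):])
    else:
        raise ValueError("unsupported key type: " + key_type)
    md5 = hashlib.md5(blob).hexdigest()  # legacy format, hashed over the same blob
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"host": host, "type": key_type, "bits": bits,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches(line, posted):
    """True only if both computed fingerprints equal the posted ones."""
    got = describe(line)
    return got["md5"] == posted["md5"].lower() and got["sha256"] == posted["sha256"]

if __name__ == "__main__":
    print(describe(KNOWN_HOSTS_LINE), matches(KNOWN_HOSTS_LINE, POSTED))
```
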