Help talk:SSH Fingerprints/login.toolforge.org
Appearance
Rendered with Parsoid
Latest comment: 9 years ago by Billinghurst in topic ECDSA vs. RSA
This page should protected. skalman (talk) 16:51, 30 August 2013 (UTC)
- It is now! :) jeremyb (talk) 23:21, 11 October 2013 (UTC)
- These two too (bastion, gerrit) Help:SSH Fingerprints. Emijrp (talk) 14:32, 5 February 2014 (UTC)
Also, the tools-dev.wmflabs.org fingerprint is missing. Emijrp (talk) 16:42, 5 February 2014 (UTC)
ECDSA vs. RSA
Note that on recent versions of the OpenSSH client, by default, you will get an ECDSA key whose fingerprint does not match the one listed here when connecting. In this case, run the client with the -oHostKeyAlgorithms='ssh-rsa'
option to get the right key with the right fingerprint.--Anders Feder (talk) 22:22, 23 March 2015 (UTC)
- This confused me sometime ago. Yuvipanda could you add a note to the page? He7d3r (talk) 13:54, 25 March 2015 (UTC)
- +1. The ECDSA key fingerprint (which should be added to this page, Yuvipanda, or another admin) is
80:37:58:71:84:99:54:e7:17:dd:c4:be:54:48:41:57
. - You can see that with
mormegil@tools-bastion-01:~$ ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub 256 80:37:58:71:84:99:54:e7:17:dd:c4:be:54:48:41:57 root@tools-bastion-01 (ECDSA)
Indeed, all correct fingerprints should be listed.
$ ssh tools-login.eqiad.wmflabs The authenticity of host 'tools-login.eqiad.wmflabs (<no hostip for proxy command>)' can't be established. ECDSA key fingerprint is 41:db:d9:4f:03:7e:14:20:a6:5b:23:5f:bf:85:42:38. $ ssh tools-login.wmflabs.org The authenticity of host 'tools-login.wmflabs.org (208.80.155.130)' can't be established. ECDSA key fingerprint is 80:37:58:71:84:99:54:e7:17:dd:c4:be:54:48:41:57.
--Nemo 11:08, 3 April 2015 (UTC)
- coren, Yuvipanda, Andrew Bogott is someone updating the fingerprint or informing users which to use? — billinghurst sDrewth 03:21, 16 April 2015 (UTC)
Outdated
In addition to what above:
$ ssh -oHostKeyAlgorithms='ssh-rsa' tools-login.eqiad.wmflabs The authenticity of host 'tools-login.eqiad.wmflabs (<no hostip for proxy command>)' can't be established. RSA key fingerprint is 2b:b2:5d:48:43:f0:27:8a:c1:ab:06:6b:f9:3c:b6:57.
But that key is currently struck in the page. So, who's right? :[ --Nemo 11:09, 3 April 2015 (UTC)