Help talk:SSH Fingerprints
- Go to Special:NovaInstance and click "get console output" on the relevant row, search the fingerprint in the output.
Remotely through a proxy
The Python script does not work if the domain is not publicly reachable (since ssh-keyscan ignores ProxyCommand) and the bastions have an old OpenSSH version that does not understand sha256 so running there does not help. To make the script work add something like
proxy = 'bast1001.wikimedia.org' remoteKeyscanCommand = 'ssh', proxy, ' '.join(keyscanCommand) subprocess.call(remoteKeyscanCommand, ...
I don't really get the point of this script, though. Doesn't this just fetch the fingerprint of wherever the domain currently points to, though? How does that protect against an MITM? --tgr (talk) 07:42, 29 April 2017 (UTC)
A shebang update is perhaps needed: