Jump to content

Help talk:SSH Fingerprints

From Wikitech
Latest comment: 2 years ago by BCornwall in topic Old OpenSSH mention can be removed

Missing item - 2014

tools-submit fingerprint is missing. I got a message when trying to do crontab -l. 6e:33:c3:... Emijrp (talk) 13:48, 11 May 2014 (UTC)Reply

Other instances

  • Go to Special:NovaInstance and click "get console output" on the relevant row, search the fingerprint in the output.

Remotely through a proxy

The Python script does not work if the domain is not publicly reachable (since ssh-keyscan ignores ProxyCommand) and the bastions have an old OpenSSH version that does not understand sha256 so running there does not help. To make the script work add something like

proxy = 'bast1001.wikimedia.org'
remoteKeyscanCommand = 'ssh', proxy, ' '.join(keyscanCommand)
subprocess.call(remoteKeyscanCommand, ...

I don't really get the point of this script, though. Doesn't this just fetch the fingerprint of wherever the domain currently points to, though? How does that protect against an MITM? --tgr (talk) 07:42, 29 April 2017 (UTC)Reply

Shebang

A shebang update is perhaps needed: #!/usr/bin/python3#!/usr/bin/env python3

Please add

  • login-trusty.tools.wmflabs.org
  • login-stretch.tools.wmflabs.org

--Emijrp (talk) 09:00, 8 February 2019 (UTC)Reply

Added

GTirloni (talk) 00:55, 9 February 2019 (UTC)Reply

Old OpenSSH mention can be removed

It's been the better part of a decade now, I don't think it's necessary to talk about that old version. :)

Yes Done (1986562) --BCornwall (talk) 18:13, 27 June 2022 (UTC)Reply