Talk:SSH Fingerprints/tools-login.wmflabs.org

From Wikitech
Jump to navigation Jump to search

This page should protected. skalman (talk) 16:51, 30 August 2013 (UTC)

It is now! :) jeremyb (talk) 23:21, 11 October 2013 (UTC)
These two too (bastion, gerrit) Help:SSH Fingerprints. Emijrp (talk) 14:32, 5 February 2014 (UTC)

Also, the tools-dev.wmflabs.org fingerprint is missing. Emijrp (talk) 16:42, 5 February 2014 (UTC)

ECDSA vs. RSA

Note that on recent versions of the OpenSSH client, by default, you will get an ECDSA key whose fingerprint does not match the one listed here when connecting. In this case, run the client with the -oHostKeyAlgorithms='ssh-rsa' option to get the right key with the right fingerprint.--Anders Feder (talk) 22:22, 23 March 2015 (UTC)

This confused me sometime ago. Yuvipanda could you add a note to the page? He7d3r (talk) 13:54, 25 March 2015 (UTC)
+1. The ECDSA key fingerprint (which should be added to this page, Yuvipanda, or another admin) is 80:37:58:71:84:99:54:e7:17:dd:c4:be:54:48:41:57.
You can see that with
mormegil@tools-bastion-01:~$ ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
256 80:37:58:71:84:99:54:e7:17:dd:c4:be:54:48:41:57  root@tools-bastion-01 (ECDSA)
--mormegil (talk) 14:33, 31 March 2015 (UTC)

Indeed, all correct fingerprints should be listed.

$ ssh tools-login.eqiad.wmflabs
The authenticity of host 'tools-login.eqiad.wmflabs (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is 41:db:d9:4f:03:7e:14:20:a6:5b:23:5f:bf:85:42:38.
$ ssh tools-login.wmflabs.org
The authenticity of host 'tools-login.wmflabs.org (208.80.155.130)' can't be established.
ECDSA key fingerprint is 80:37:58:71:84:99:54:e7:17:dd:c4:be:54:48:41:57.

--Nemo 11:08, 3 April 2015 (UTC)

coren, Yuvipanda, Andrew Bogott is someone updating the fingerprint or informing users which to use? — billinghurst sDrewth 03:21, 16 April 2015 (UTC)

Outdated

In addition to what above:

$ ssh -oHostKeyAlgorithms='ssh-rsa' tools-login.eqiad.wmflabs
The authenticity of host 'tools-login.eqiad.wmflabs (<no hostip for proxy command>)' can't be established.
RSA key fingerprint is 2b:b2:5d:48:43:f0:27:8a:c1:ab:06:6b:f9:3c:b6:57.

But that key is currently struck in the page. So, who's right? :[ --Nemo 11:09, 3 April 2015 (UTC)