Closed Bug 1239049 Opened 6 years ago Closed 6 years ago

Update doc mozreview/install.rst with SHA256 host keys

Categories

(MozReview Graveyard :: General, defect)

defect
Not set
minor

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ng, Assigned: gps)

Details

Post OpenSSH 6.8 (March 2015), SHA256 host keys are preferred and are displayed to the user when asked to confirm a new host key. The document only contains the old-style MD5 keys, which won't match what is displayed to the user. It would be good to additionally list the SHA256 host keys, with a note about the deprecation of MD5 host keys.

Here is a simple script to produce the keys:

#!/bin/sh
# Keep the scanned keys in a private temporary file instead of a predictable name in /tmp
keyfile=$(mktemp) || exit 1
trap 'rm -f "$keyfile"' EXIT
ssh-keyscan reviewboard-hg.mozilla.org > "$keyfile"
# Get the SHA256 key (the new default that people see when being asked to verify the fingerprint)
# Note: the format is now a base64 string
ssh-keygen -lf "$keyfile" -E sha256
# Get the MD5 key (the old/deprecated)
ssh-keygen -lf "$keyfile" -E md5

Here is the output the script yields (at the time of filing):
2048 SHA256:O6C9zLi4leD/mb4lPNmR50R1ampZgeEi7StDEbZDmyA reviewboard-hg.mozilla.org (RSA)
2048 MD5:a6:13:ae:35:2c:20:2b:8d:f4:8d:8e:d7:a8:55:67:97 reviewboard-hg.mozilla.org (RSA)
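
Added example (not part of the original report or of the MozReview docs): how the two fingerprint formats shown above are derived from the same key blob, and how a scanned key can be checked against a pinned fingerprint before it is trusted. The sample key is constructed filler and the function names are this example's own.

```python
import base64
import hashlib

def fingerprints(key_blob: bytes) -> dict:
    """Render a raw public-key blob in the SHA256 (base64) and MD5 (colon-hex) styles."""
    # OpenSSH prints the SHA-256 digest as base64 with the trailing '=' padding removed.
    sha = base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(key_blob).hexdigest()
    return {
        "sha256": "SHA256:" + sha,
        "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }

def parse_keyscan_line(line: str):
    """Split one ssh-keyscan output line into (host, key type, decoded blob)."""
    fields = line.split()
    if len(fields) < 3 or line.lstrip().startswith("#"):
        raise ValueError("not a host key line")
    host, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match blob")
    return host, key_type, blob

def matches_pin(line: str, pinned: str) -> bool:
    """True only if the scanned key hashes to the pinned SHA256 or MD5 fingerprint."""
    _, _, blob = parse_keyscan_line(line)
    algo = "sha256" if pinned.startswith("SHA256:") else "md5"
    return fingerprints(blob)[algo] == pinned

def _ssh_string(b: bytes) -> bytes:
    return len(b).to_bytes(4, "big") + b

# Constructed sample: a syntactically valid RSA blob made of filler bytes, not a real host key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xab" * 256))
SAMPLE_LINE = "example.invalid ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    fp = fingerprints(SAMPLE_BLOB)
    print(fp["sha256"], fp["md5"], sep="\n")
    print("pin ok:", matches_pin(SAMPLE_LINE, fp["sha256"]))
```
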

Thank you for the suggestion. I'll update the docs.
Assignee: nobody → gps
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Apparently the MD5 fingerprint reported in the docs is currently wrong. I'll push a fix-up to correct that.
Product: Developer Services → MozReview