Closed Bug 1239049 Opened 6 years ago Closed 6 years ago
Update doc mozreview/install
.rst with SHA256 host keys
Post OpenSSH 6.8 (March 2015) SHA256 host keys are preferred, and displayed to the user when asked to confirm a new host key. The document only contains the old style MD5 keys, which won't match what is displayed to the user. It would be good to additionally list the SHA256 host keys, with a note about the deprecation of MD5 host keys. Here is a simple script to produce the keys: #!/bin/sh cd /tmp ssh-keyscan reviewboard-hg.mozilla.org > reviewboard-hg.mozilla.org.pub # Get the SHA256 key (the new default that people see when being asked to verify the fingerprint) # Note: the format is now a base 64 string ssh-keygen -lf reviewboard-hg.mozilla.org.pub -E sha256 # Get the MD5 key (the old/deprecated) ssh-keygen -lf reviewboard-hg.mozilla.org.pub -E md5 rm reviewboard-hg.mozilla.org.pub Here is the output the script yields (at the time of filing): 2048 SHA256:O6C9zLi4leD/mb4lPNmR50R1ampZgeEi7StDEbZDmyA reviewboard-hg.mozilla.org (RSA) 2048 MD5:a6:13:ae:35:2c:20:2b:8d:f4:8d:8e:d7:a8:55:67:97 reviewboard-hg.mozilla.org (RSA)
Thank you for the suggestion. I'll update the docs.
Assignee: nobody → gps
Status: NEW → ASSIGNED
https://hg.mozilla.org/hgcustom/version-control-tools/rev/87167c3b8e6cf67ef0feb3786819d23e2f466d48 docs: add SHA-256 host keys for reviewboard-hg.mozilla.org (bug 1239049)
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Apparently the MD5 fingerprint reported in the docs is currently wrong. I'll push a fix-up to correct that.
You need to log in before you can comment on or make changes to this bug.