#89 DNSSEC+SSHFP for SSH key fingerprints of Codeberg?

Open
opened 2 months ago by ikselven · 8 comments

Searching the Codeberg website and the internet unfortunately didn’t come up with any results.

Searching the Codeberg website and the internet unfortunately didn't come up with any results.
Mikaela commented 2 months ago

Do you have any plans for enabling DNSSEC and adding SSHFP records so SSH config could just be told VerifyHostKeyDNS yes ?

Do you have any plans for enabling DNSSEC and adding SSHFP records so SSH config could just be told `VerifyHostKeyDNS yes` ?
hw commented 2 months ago
Owner

@Mikaela : good idea, we will definitely discuss this!

@Mikaela : good idea, we will definitely discuss this!
hw commented 2 months ago
Owner

@ikselven : thank you for bringing this up, we will post these with the next website update!

@ikselven : thank you for bringing this up, we will post these with the next website update!
hw commented 1 month ago
Owner

@ikselven : Fingerprints are now added to the imprint page (accessible from the footer link):

https://codeberg.org/Codeberg/org/src/branch/master/Imprint.md

@ikselven : Fingerprints are now added to the imprint page (accessible from the footer link): https://codeberg.org/Codeberg/org/src/branch/master/Imprint.md
ikselven commented 1 month ago
Poster

Thanks :)

Thanks :)
DarylSun commented 1 month ago

I’m getting this message when I try to verify the SSH connection. The fingerprint shown doesn’t match the fingerprint on the Imprint page.

$ ssh -T git@codeberg.org
The authenticity of host 'codeberg.org (159.69.0.178)' can't be established.
ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Am I missing something here?

I'm getting this message when I try to verify the SSH connection. The fingerprint shown doesn't match the fingerprint on the Imprint page. ``` $ ssh -T git@codeberg.org The authenticity of host 'codeberg.org (159.69.0.178)' can't be established. ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E. Are you sure you want to continue connecting (yes/no/[fingerprint])? ``` Am I missing something here?
hw commented 1 month ago
Owner

The fingerprint is SHA256-encoded, the table on the imprint page lists the base64 format as used for example by ssh-keyscan.

Your key is correct.

The fingerprint is SHA256-encoded, the table on the imprint page lists the base64 format as used for example by ssh-keyscan. Your key is correct.
DarylSun commented 1 month ago

Thank you!

Thank you!
hw changed title from What are the SSH key fingerprints of Codeberg? to DNSSEC+SSHFP for SSH key fingerprints of Codeberg? 1 month ago
Sign in to join this conversation.
No Milestone
No Assignees
4 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Cancel
Save
There is no content yet.