You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.7 KiB

key title parent order
SSHFingerprint Verifying you're connected to Codeberg using SSH fingerprints Security 30

When you connect to Codeberg via SSH, for example to clone or commit, you need to make sure that you're actually connected to Codeberg's servers and not someone else's who's attempting to execute a so-called man-in-the-middle attack.

To protect you against these sort of attacks, SSH will ask you whether or not you want to trust a server the first time you connect to it:

$ git clone
Cloning into 'Documentation' ...
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

When connecting to Codeberg, it is important that you compare the displayed fingerprint against one of the following fingerprints published by Codeberg:

SHA256:6QQmYi4ppFS4/+zSZ5S4IU+4sa6rwvQ4PbhCtPEBekQ (RSA)
SHA256:mIlxA9k46MmM6qdJOdMnAQpzGxF4WIVVL+fj+wZbw0g (ED25519)

These are the SHA256 versions of the fingerprints published in the Imprint, which are to be considered the authoritative fingerprints for Codeberg.

If they match, you're good to go and can safely use Codeberg via SSH.

If they don't, don't connect because your credentials may be at risk. Please give us a heads-up at