This message serves as a notice that the *SSH host keys* for hg.mozilla.org will be rotated in the next ~24 hours.
When connecting to hg.mozilla.org over SSH, your SSH client should warn that host keys have changed and refuse to connect until accepting/trusting the new host key. After 1st host key verification failure: 1) `ssh-keygen -R hg.mozilla.org` to remove the old host key 2) `ssh hg.mozilla.org` and verify the fingerprint of the new key matches one of the following: 256 SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA hg.mozilla.org (ED25519) 256 SHA1:Ft++OU96cvaREKNFCJ6AiuCpGac hg.mozilla.org (ED25519) 256 MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95:ea:04:28:7d:26 hg.mozilla.org (ED25519) 4096 SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc hg.mozilla.org (RSA) 4096 SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co hg.mozilla.org (RSA) 4096 MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77 hg.mozilla.org (RSA) Q: What host key types were changed? We dropped the DSA host key and added a ED25519 host key. The length of the RSA key has been increased from 2048 to 4096 bits. Q: Does this impact connections to https://hg.mozilla.org/? No. The x509 certificate to the https:// endpoint is remaining unchanged at this time. Q: Why is this being done? We are modernizing the server infrastructure of hg.mozilla.org. As part of this, we're bringing the hosts in compliance with Mozilla's SSH security guidelines (https://wiki.mozilla.org/Security/Guidelines/OpenSSH).
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
