This change was just made (we delayed because we didn't want to take extra risks on a Friday afternoon).
A GPG signed document detailing the current keys is available at https://hg.mozilla.org/hgcustom/version-control-tools/raw-file/tip/docs/vcs-server-info.asc On 3/31/16 2:39 PM, Gregory Szorc wrote: > This message serves as a notice that the *SSH host keys* for > hg.mozilla.org will be rotated in the next ~24 hours. > > When connecting to hg.mozilla.org over SSH, your SSH client should warn > that host keys have changed and refuse to connect until > accepting/trusting the new host key. After 1st host key verification > failure: > > 1) `ssh-keygen -R hg.mozilla.org` to remove the old host key > 2) `ssh hg.mozilla.org` and verify the fingerprint of the new key > matches one of the following: > > 256 SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA hg.mozilla.org > (ED25519) > 256 SHA1:Ft++OU96cvaREKNFCJ6AiuCpGac hg.mozilla.org (ED25519) > 256 MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95:ea:04:28:7d:26 hg.mozilla.org > (ED25519) > > 4096 SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc hg.mozilla.org (RSA) > 4096 SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co hg.mozilla.org (RSA) > 4096 MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77 hg.mozilla.org > (RSA) > > Q: What host key types were changed? We dropped the DSA host key and > added a ED25519 host key. The length of the RSA key has been increased > from 2048 to 4096 bits. > > Q: Does this impact connections to https://hg.mozilla.org/? No. The x509 > certificate to the https:// endpoint is remaining unchanged at this time. > > Q: Why is this being done? We are modernizing the server infrastructure > of hg.mozilla.org. As part of this, we're bringing the hosts in > compliance with Mozilla's SSH security guidelines > (https://wiki.mozilla.org/Security/Guidelines/OpenSSH). > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
