On 2014-08-28 15:08, Sytse Sijbrandij wrote: > This is normal for all new servers you connect to with ssh.
Sytse, I know that. In my email I complaint that there is no information about the real/valid/expected fingerprint in the hosted GitLab webpage/documentation which I could use to verify that SSH (in the first try) tries to connect to the real server (not fake server used in the man-in-the-middle attack). Sure, the chance is negligible, but for paranoids it would be very useful. Marcin > On Mon, Aug 18, 2014 at 3:40 PM, Marcin Zajączkowski <msz...@wp.pl> wrote: >> Hi, >> >> When repository on gitlab.com is used first time on a given computer SSH >> asks about a confirmation of ECDSA (or RSA) fingerprint to prevent a >> man-in-the-middle attack. I wasn't able to find that information in GitLab >> documentation. Is it available somewhere? >> >> If not I think it would be useful to place it somewhere in the documentation >> or in the "SSH keys" section in the user profile. >> >> Marcin >> >> -- >> http://blog.solidsoft.info/ - Working code is not enough -- http://blog.solidsoft.info/ - Working code is not enough -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/53FF2C44.2030703%40wp.pl. For more options, visit https://groups.google.com/d/optout.