> On Sep 18, 2014, at 4:53 PM, Donald Stufft <don...@stufft.io> wrote: > >> >> On Sep 18, 2014, at 10:58 AM, Jesus Cea <j...@jcea.es <mailto:j...@jcea.es>> >> wrote: >> >> On 13/09/14 02:34, Benjamin Peterson wrote: >>> I just switched hg.python.org <http://hg.python.org/> from a OSUOSL VM to a >>> Rackspace VM. The >>> new VM is a bit beefier and has what I think is better network >>> connectivity, so hopefully that will improving the speed of repository >>> operations. We also now support HTTPS for repository browsing and >>> cloning, so update all your links to https://hg.python.org >>> <https://hg.python.org/>! IPv6 support >>> has also returned for those who like that sort of thing. >>> >>> Note the host keys changed, so you'll probably have to futz with >>> known_hosts to quiet ssh down. I apologize, but I noticed that that the >>> current RSA host key is 1024 bits, so I decided to upgrade it to 2048 >>> during the transition. >>> >>> Thanks to Donald Stufft for helping me set this up. >> >> I see this fingerprint for HTTPS: >> >> f4:21:58:34:4e:26:dd:55:16:51:2e:ce:6e:58:a8:92:6e:32:c8:50 >> >> I see this fingerprint for SSH: >> >> a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8 >> > > For the record, here are the SSH host keys on the hg box: > > $ find /etc/ssh -name 'ssh_host_*_key.pub' -exec ssh-keygen -lf {} \; > 256 1d:02:d1:d2:7b:a1:cb:e0:51:65:25:d7:19:dd:4e:74 > /etc/ssh/ssh_host_ed25519_key.pub (ED25519) > 256 f1:53:9d:09:a1:42:8e:33:61:62:64:b1:ef:e9:02:ae > /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA) > 1024 0e:69:7b:9c:f3:d8:d8:83:81:8a:f4:2b:41:51:ab:bb > /etc/ssh/ssh_host_dsa_key.pub (DSA) > 2048 a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8 > /etc/ssh/ssh_host_rsa_key.pub (RSA) > > Here’s the HTTPS certificate for hg.python.org <http://hg.python.org/>: > > $ openssl x509 -in /etc/ssl/private/hg.python.org.pem -noout -fingerprint > SHA1 Fingerprint=F4:21:58:34:4E:26:DD:55:16:51:2E:CE:6E:58:A8:92:6E:32:C8:50 > > $ openssl x509 -in /etc/ssl/private/hg.python.org.pem -noout -fingerprint > -sha256 > SHA256 > Fingerprint=B2:F7:DD:60:14:CE:F4:EE:B5:46:13:CD:DB:CA:54:B5:24:F1:94:D8:53:91:CD:87:AF:A4:F1:53:29:ED:82:46 > > --- > Donald Stufft > PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA > > _______________________________________________ > python-committers mailing list > python-committers@python.org <mailto:python-committers@python.org> > https://mail.python.org/mailman/listinfo/python-committers > <https://mail.python.org/mailman/listinfo/python-committers>
Just a FYI, I dropped the DSA keys since they were only 1024 bit which is no longer secure against computationally powerful attackers. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers
