Hello Mike, Mike Miller wrote: > Please cc me in replies, I am not subscribed. ... > In a previous thread on this list, I see discussion of moving to the new > server with new ssh host keys, but I haven't been able to find an actual > fingerprint published anywhere.
The discussion about ssh host keys is: http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00021.html http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00022.html http://lists.gnu.org/archive/html/savannah-hackers-public/2016-11/msg00000.html Because of the flexibility to be able to switch back and forth while working on the various version control systems we went with option 3 described there. (And we have used that capability a few times already.) I cloned the old host keys onto the new system. Therefore if you have the hostnames in your known_hosts for the previous system you should not get a key change warning using the same hostname on the new system. If your ssh warns on IP address changes that will be the only difference. However once the migration is complete, still some ways off, we plan on regenerating new host keys of a longer length. The previous keys are 1024 bits long and certainly longer keys are desirable today. In the meantime if you clear your entry for a service on the new host then upon connecting again your ssh client should negotiate the newer key ciphers. > Can you post the new server's fingerprint, preferably both the md5 and > sha256 fingerprints, or point me to where they are posted? 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA) 256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA) 256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519) 1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA) 256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA) 256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519) hg.savannah.gnu.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0= hg.savnnah.gnu.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA= hg.savannah.gnu.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ The RSA key is the same on both servers. The old server does not have the newer ciphers. > Eventually it would be good to update > https://savannah.gnu.org/maintenance/SshAccess/, but I understand this > migration is still a work in progress. Agreed. Unfortunately the documentation in general is a garget rich environment for improvement. The documentation is definitely an area where anyone could jump in and help significantly. Bob
signature.asc
Description: PGP signature
