Re: [python-committers] SSH fingerprint

2013-03-26 Thread Roger Serwy
In addition, the email you sent might be subject to MITM, either when you were submitting it, or when it was transmitted from python.org to Roger's SMTP server. So you really need to PGP sign it :-) And hope that I have Antoine's correct public PGP key... And down the rabbit hole we go. Tha

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Martin v. Löwis
On 25.03.13 17:34, Antoine Pitrou wrote:
>
>>> We have new contributors (who don't have a pre-existing key) use RSA:
>>> http://docs.python.org/devguide/faq.html#id1 .
>>
>> I was trying to avoid a man-in-the-middle attack by verifying the
>> server's key fingerprint. Those server fingerprints s

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Tim Golden
On 26/03/2013 20:40, Antoine Pitrou wrote:
On Tuesday 26 March 2013 at 21:42 +0100, "Martin v. Löwis" wrote:
On 26.03.13 14:57, Antoine Pitrou wrote:
Well I'm not sure how logging in would be an improvement, since the person logging in could also be the victim of a MITM attack ;) In addition

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Martin v. Löwis
On 26.03.13 14:57, Antoine Pitrou wrote:
> Well I'm not sure how logging in would be an improvement, since the person
> logging in could also be the victim of a MITM attack ;)
In addition, the email you sent might be subject to MITM, either when you were submitting it, or when it was transmitted

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Antoine Pitrou
On Tuesday 26 March 2013 at 21:42 +0100, "Martin v. Löwis" wrote:
> On 26.03.13 14:57, Antoine Pitrou wrote:
> > Well I'm not sure how logging in would be an improvement, since the person
> > logging in could also be the victim of a MITM attack ;)
>
> In addition, the email you sent might be subj

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Martin v. Löwis
On 26.03.13 13:56, Eric V. Smith wrote:
> I completely agree. "We'll notice the damage" is not a great reason to
> avoid publishing the fingerprints.
IMO, the proper way is to publish SSHFP records in DNS. Unfortunately, DynECT currently does not support RFC 6594.
Regards, Martin

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Antoine Pitrou
On Tuesday 26 March 2013 at 09:03 -0500, Roger Serwy wrote:
> >
> > Also, what is the command to use on the server to get the public key
> > fingerprint?
> >
>
> Run "ssh-keygen -lf /path/to/public/key.pub" for the RSA, DSA, and ECDSA
> keys.
$ ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key
256 63:7

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Roger Serwy
Also, what is the command to use on the server to get the public key fingerprint? Run "ssh-keygen -lf /path/to/public/key.pub" for the RSA, DSA, and ECDSA keys. ___ python-committers mailing list python-committers@python.org http://mail.python.or

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Antoine Pitrou
>> Can someone log into hg.python.org and get the public keys for the
>> server?
>
> Not me. But from my hosts, I get:
> RSA key fingerprint is ec:98:fe:7b:e1:0f:88:c5:93:37:83:64:a4:cc:aa:01.
Well I'm not sure how logging in would be an improvement, since the person logging in could also be the

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Eric V. Smith
On 3/26/2013 8:39 AM, Roger Serwy wrote:
>
>> Well if a MITM attacker tries to use your ssh access to do anything
>> nasty,
>> another developer will probably notice quite quickly.
>> (the only "nasty thing" the ssh access allows you to do is "hg push",
>> IIRC; still, that can trigger code execut

Re: [python-committers] SSH fingerprint

2013-03-26 Thread Roger Serwy
Well if a MITM attacker tries to use your ssh access to do anything nasty, another developer will probably notice quite quickly. (the only "nasty thing" the ssh access allows you to do is "hg push", IIRC; still, that can trigger code execution on the buildbots) Sure, but it would be better to

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Antoine Pitrou
>> We have new contributors (who don't have a pre-existing key) use RSA:
>> http://docs.python.org/devguide/faq.html#id1 .
>
> I was trying to avoid a man-in-the-middle attack by verifying the
> server's key fingerprint. Those server fingerprints should be documented.
Well if a MITM attacker trie

Re: [python-committers] SSH fingerprint

2013-03-25 Thread R. David Murray
Note that I believe ECDSA is now the default for host keys for OpenSSH. At the least, my systems (Gentoo) switched to them after an upgrade a bit ago.
--David
On Mon, 25 Mar 2013 13:29:48 +0100, Christian Heimes wrote:
> On 25.03.2013 05:51, Jeffrey Yasskin wrote:
> > You missed that ECDSA

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Roger Serwy
We have new contributors (who don't have a pre-existing key) use RSA: http://docs.python.org/devguide/faq.html#id1 . I was trying to avoid a man-in-the-middle attack by verifying the server's key fingerprint. Those server fingerprints should be documented.

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Christian Heimes
On 25.03.2013 05:51, Jeffrey Yasskin wrote:
> You missed that ECDSA != DSA.
Yeah, Elliptic Curve DSA is as secure as RSA while using much shorter keys. ECDSA verification used to be much slower so you may want to prefer RSA for short time connections like hg pull and push.
Christian

Re: [python-committers] SSH fingerprint

2013-03-25 Thread Brett Cannon
On Mon, Mar 25, 2013 at 1:26 AM, Ned Deily wrote:
>
> On Mar 24, 2013, at 21:51 , Jeffrey Yasskin wrote:
>
> > You missed that ECDSA != DSA.
>
> Good! Someone is paying attention. :=) Should we all be preferring one
> for pydev work?
We have new contributors (who don't have a pre-existing k

Re: [python-committers] SSH fingerprint

2013-03-24 Thread Ned Deily
On Mar 24, 2013, at 21:51 , Jeffrey Yasskin wrote:
> You missed that ECDSA != DSA.
Good! Someone is paying attention. :=) Should we all be preferring one for pydev work?
-- Ned Deily n...@acm.org -- []

Re: [python-committers] SSH fingerprint

2013-03-24 Thread Jeffrey Yasskin
You missed that ECDSA != DSA.
On Sun, Mar 24, 2013 at 9:47 PM, Ned Deily wrote:
>
> On Mar 24, 2013, at 21:32 , Roger Serwy wrote:
>
>> It looks like my ssh is using ECDSA as the host key algorithm by default.
>> When I force it to use ssh-rsa, then I receive the same fingerprint you have.
>>
>

Re: [python-committers] SSH fingerprint

2013-03-24 Thread Ned Deily
On Mar 24, 2013, at 21:32 , Roger Serwy wrote:
> It looks like my ssh is using ECDSA as the host key algorithm by default.
> When I force it to use ssh-rsa, then I receive the same fingerprint you have.
>
> Should this be documented somewhere?
I believe RSA keys are generally recommended for

Re: [python-committers] SSH fingerprint

2013-03-24 Thread Roger Serwy
On 03/24/2013 11:10 PM, Ned Deily wrote:
On Mar 24, 2013, at 21:02 , Roger Serwy wrote:
What should the ssh fingerprint be for hg.python.org? I am receiving 63:75:9b:14:b7:b2:dc:e7:cd:42:d7:19:48:6a:68:8e, but I can't verify if it's correct.
I currently get: The authenticity of host 'hg.

Re: [python-committers] SSH fingerprint

2013-03-24 Thread Ned Deily
On Mar 24, 2013, at 21:02 , Roger Serwy wrote:
> What should the ssh fingerprint be for hg.python.org? I am receiving
> 63:75:9b:14:b7:b2:dc:e7:cd:42:d7:19:48:6a:68:8e, but I can't verify if it's
> correct.
I currently get:
The authenticity of host 'hg.python.org (140.211.10.72)' can't be e

[python-committers] SSH fingerprint

2013-03-24 Thread Roger Serwy
Hi All,
What should the ssh fingerprint be for hg.python.org? I am receiving 63:75:9b:14:b7:b2:dc:e7:cd:42:d7:19:48:6a:68:8e, but I can't verify if it's correct.
Thank you, Roger