#140 Make ssh public host keys securily available
Closed: Fixed None Opened 9 years ago by till.

afaics, the ssh public key is not made available here via https. Please include the ed25519 key, if there is one.


Could you explain a little more why the user's public ssh key should be made
publicly accessible?

I do not think we do it in FAS and I am not sure to understand the idea.

Thanks

You should be able to reply to this email now @till :)

On Mon, May 18, 2015 at 07:20:54AM +0000, pagure@pagure.io wrote:

Could you explain a little more why the user's public ssh key should
be made
publicly accessible?

Sorry, I meant pagure's ssh host key.

Could you explain a little more why the user's public ssh key should
be made
publicly accessible?

Sorry, I meant pagure's ssh host key.

Where do you think it should be published?
Something like /api/0/ssh_host_key or on the wiki or ? What do you advice?

pagure-mockup.png

Here is an idea: Add a caption to the connection strings at the bottom and then add a link to a page with the keys fingerprints and public hostkeys and maybe some explanatory text. Here is what github does: https://help.github.com/articles/what-are-github-s-ssh-key-fingerprints/

But the whole host key would be nicer because it can be just cppied to the known hosts file without having to compare the fingerprints. Also I would not publish the DSA key, since nobody should use it, but also the ed25519 key.

Looking into the pagure host I see:

  • rsa_key.pub
  • ecdsa_key.pub
  • ed25519_key.pub

Are all three needed?

Do they all have a fingerprint ? (If so, do you know how I can find it?)

Log in to comment on this ticket.

Metadata
Attachments 1
Attached 9 years ago View Comment