#698 Add SHA:256 fingerprint to ssh_info
Closed: Fixed None Opened 8 years ago by till.

OpenSSH now supports SHA256 fingerprints, they look like this:
SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY

https://pagure.io/ssh_info should be updated to also contain the SHA256 fingerprint.


Do you know the sha:256 of pagure.io?

On Fri, Feb 05, 2016 at 11:41:51AM +0000, pagure@pagure.io wrote:

Do you know the sha:256 of pagure.io?

It should be the one in the example. You can verify it with
ssh-keygen -l -f ~/.ssh/known_hosts | grep pagure

from Fedora 23.

In 4812bc39e (Add the SHA256 of the ssh key, 2016-05-28) the SHA256
fingerprints were added to the wrong section. The stg.pagure.io
fingerprint is in the pagure.io section and vice versa. The MD5
fingerprints are correct.

This can be confirmed by checking the output of ssh-keygen with the SSH
pubkey values for each host:

$ for i in {stg.,}pagure.io.pub; do echo $i; cat $i; for hash in sha256 md5; do ssh-keygen -l -E $hash -f $i; done; echo; done
stg.pagure.io.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJNu490Rp305zGCJLvhVIrKjL7Xngew3NxgRYeopHBDvj+EFQUqULXtgrI5nUBMSB94RrsuHynFAXYy2m0snHjWzWjbIxM4ZVD2sX4GiKX6qu7WyxcGmGcL08MF919r+JSPL9oWWSq/CvvBF0M1eeqkIpjMZHpVKgR3uTMD5yW994NBLAQi9i1UdwGYNQc1KqWvlvW1XhFFtiIGscIFGRKsUOMvnJvWdU6T+djmzMy4hcahxnsPCZxCjbQpuH1JjihNNVWYOq7Ztjs1gxpTTV19ATp4Z2F95uyyQ3Y+Em9KeXcKXYxwVzYVho5SSB1ZYBL+xAH1osK23PvGD39UYp9
2048 SHA256:x4xld/tPdeOhbyJcTOxd+IbSZ4OpnBzh/IskocyrOME stg.pagure.io.pub (RSA)
2048 MD5:69:50:46:24:c7:94:44:f8:8d:83:05:5c:eb:73:fb:c4 stg.pagure.io.pub (RSA)

pagure.io.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC198DWs0SQ3DX0ptu+8Wq6wnZMrXUCufN+wdSCtlyhHUeQ3q5B4Hgto1n2FMj752vToCfNTn9mWO7l2rNTrKeBsELpubl2jECHu4LqxkRVihu5UEzejfjiWNDN2jdXbYFY27GW9zymD7Gq3u+T/Mkp4lIcQKRoJaLobBmcVxrLPEEJMKI4AJY31jgxMTnxi7KcR+U5udQrZ3dzCn2BqUdiN5dMgckr4yNPjhl3emJeVJ/uhAJrEsgjzqxAb60smMO5/1By+yF85Wih4TnFtF4LwYYuxgqiNv72Xy4D/MGxCqkO/nH5eRNfcJ+AJFE7727F7Tnbo4xmAjilvRria/+l
2048 SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY pagure.io.pub (RSA)
2048 MD5:90:8e:7f:a3:f7:f1:70:cb:56:77:96:17:44:c4:fc:82 pagure.io.pub (RSA)

I'll attach a patch to fix this. (I didn't find any better way to supply patches to the fedora-infrastructure ansible repo. If there is a preferred method, let me know.)
0001-pagure-Fix-SHA256-hashes-for-pagure.io-and-stg.pagur.patch

The better way would have been to open a ticket against the fedora-infrastructure project: https://pagure.io/fedora-infrastructure/ but since it's here, I'll just apply the patch.

Many thanks for this, nice catch! :)

Cool, thanks. I did have the fedora-infra project page open and debated filing it there, but since it didn't have an ansible repo connection I figured I'd just be attaching a patch there too. So I took a chance that adding a comment here might re-open or allow me to re-open this ticket.

(This came up while filing a pull request for fedora-packager, so I was trying hard not to get too distracted from that task -- if I were a superhero my weakness would be an inability to not follow tangents. ;)

Thanks to both you and Till for adding the SHA256 fingerprint and for having the link to that in the footer of every page.

Log in to comment on this ticket.

Metadata