ECDSA key fingerprint validation #7

Open
opened 2019-11-11 21:22:11 +00:00 by jakimfett · 5 comments

When connecting to host gitea.com:

```
The authenticity of host 'gitea.com (117.51.152.40)' can't be established.
ECDSA key fingerprint is SHA256:ACNVBMZBdge2YspsYf7jaFM3X9S1FwYzDpatfzD6inw.
Are you sure you want to continue connecting (yes/no)?
```

Where would a user go to verify the ECDSA key of a server?
Where would I, a user of gitea.com, go to verify the key for the gitea.com server, and will (or might) that key change based on load balancing or routing adjustments?

Does self-hosted Gitea have the capability to expose this via a splashpage, perhaps via the same mechanism as the HTTP statuscode pages or the un-authenticated homepage?

6543 added the question label 2019-11-12 13:55:28 +00:00
Owner

@jakimfett this message shows up if you clone a repo via ssh, or?

So it's a feature request to have the ssh-key info on a page?!?

Owner

It looks like we really should be providing a page like:

https://help.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints

Author

@6543 - this message shows up, on user accounts that have not already accepted the key `SHA256:ACNVBMZBdge2YspsYf7jaFM3X9S1FwYzDpatfzD6inw` for `gitea.com`.

I've already accepted it (because it matches the key I grabbed from a server I've connected to gitea.com successfully, albeit without any sort of key verification, in the past).

What you linked @zeripath is exactly what I was looking for, just...for gitea.com, with the caveat that I don't know anything about the backend infrastructure, and whether that key will change, or if there's a pool of keys, or...


To clarify:
This is a request for someone to confirm that the key I've received is correct, and for this ticket to remain open until/unless there's a way to verify that via gitea itself.

This would be a very useful feature, but I understand if it's a low priority thing.

Owner

We have moved to another server, so I think this has changed. Now the fingerprint is `SHA256:Fo6Tm/SLyse8uglFB1JShqQWchU0kcPzSRueD1O9K0I` for `gitea.com`.

Author

Greatly appreciate you keeping this updated, thank you.
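An added example, not part of the thread and not Gitea code: how the `SHA256:...` string in the SSH prompt is derived from a host public key, and a check of an offered key against a fingerprint the operator has published out of band. It assumes a plain `host keytype base64-blob` line as printed by `ssh-keyscan`; the function names, the host `git.example.test` and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def parse_key_line(line: str):
    """Parse a plain 'host keytype base64-blob' line, as printed by ssh-keyscan."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    keytype = fields[1]
    blob = base64.b64decode(fields[2], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line is truncated or its fields were mixed up.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    return keytype, blob

def matches_published(line: str, published: str) -> bool:
    """True only if the offered key hashes to the out-of-band fingerprint."""
    _, blob = parse_key_line(line)
    return sha256_fingerprint(blob) == published.strip()

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

# Constructed sample: well-formed ecdsa-sha2-nistp256 blob with dummy point
# bytes (not a real key) for a placeholder host name.
SAMPLE_BLOB = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
               + _ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("git.example.test ecdsa-sha2-nistp256 "
               + base64.b64encode(SAMPLE_BLOB).decode("ascii"))

if __name__ == "__main__":
    offered = sha256_fingerprint(parse_key_line(SAMPLE_LINE)[1])
    print("offered:", offered)
    print("matches itself:", matches_published(SAMPLE_LINE, offered))
    # Fingerprint quoted in the thread; the dummy key must not match it.
    print("matches thread value:", matches_published(
        SAMPLE_LINE, "SHA256:Fo6Tm/SLyse8uglFB1JShqQWchU0kcPzSRueD1O9K0I"))
```

The comparison is only as trustworthy as the channel the published fingerprint came through, for example an HTTPS page run by the operator or `ssh-keygen -lf` run on the server itself.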
Reference: gitea/gitea.com#7