ECDSA key fingerprint validation #7
Labels
No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
No Milestone
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: gitea/gitea.com#7
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
When connecting to host gitea.com:
Where would a user go to verify the EDCSA key of a server?
Where would I, a user of gitea.com, go to verify the key for the gitea.com server, and will (or might) that key change based on load balancing or routing adjustments?
Does self-hosted Gitea have the capability to expose this via a splashpage, perhaps via the same mechanism as the HTTP statuscode pages or the un-authenticated homepage?
@jakimfett this message show up if you clone a repo via ssh or?
So its a feature request fo have the ssh-key info on a page?!?
It looks like we really should be providing a page like:
https://help.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints
@6543 - this message shows up, on user accounts that have not already accepted the key
SHA256:ACNVBMZBdge2YspsYf7jaFM3X9S1FwYzDpatfzD6inw
forgitea.com
.I've already accepted it (because it matches the key I grabbed from a server I've connected to gitea.com successfully, albeit without any sort of key verification, in the past).
What you linked @zeripath is exactly what I was looking for, just...for gitea.com, with the caveat that I don't know anything about the backend infrastructure, and whether that key will change, or if there's a pool of keys, or...
To clarify:
This is a request for someone to confirm that the key I've received is correct, and for this ticket to remain open until/unless there's a way to verify that via gitea itself.
This would be a very useful feature, but I understand if it's a low priority thing.
We have moved to another server, so I think this have changed. Now the fingerprint is
SHA256:Fo6Tm/SLyse8uglFB1JShqQWchU0kcPzSRueD1O9K0I
forgitea.com
.Greatly appreciate you keeping this updated, thank you.