Searching the Codeberg website and the internet unfortunately didn't come up with any results.
DNSSEC+SSHFP for SSH key fingerprints of Codeberg? #89
Do you have any plans for enabling DNSSEC and adding SSHFP records so SSH config could just be told VerifyHostKeyDNS yes?
@Mikaela : good idea, we will definitely discuss this!
@ikselven : thank you for bringing this up, we will post these with the next website update!
@ikselven : Fingerprints are now added to the imprint page (accessible from the footer link):
https://codeberg.org/Codeberg/org/src/branch/master/Imprint.md
I'm getting this message when I try to verify the SSH connection. The fingerprint shown doesn't match the fingerprint on the Imprint page.
$ ssh -T git@codeberg.org
The authenticity of host 'codeberg.org (159.69.0.178)' can't be established.
ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Am I missing something here?
The fingerprint is SHA256-encoded; the table on the imprint page lists the base64 format, as used for example by ssh-keyscan.
Your key is correct.
Thank you!
Why was this closed? SSHFP is still missing and a wanted feature
SSHFP only or DNSSEC+SSHFP? (The former probably quick'n'easy, the latter quite some effort)
SSHFP without DNSSEC is quite pointless since it could be spoofed then
As a new user I was curious about this. I looked into it - it seems that codeberg.org's DNS records live on ns{1,2,3}.dnsowl.com. which is provided by Namesilo as a registrar.
Looking at Namesilo's support, they allow customers to add their own DS records, but they don't seem to manage DNSSEC for you. My own registrar, Mythic Beasts, provides managed DNSSEC.
If Codeberg wanted to provide DNSSEC, it may be easier to switch registrar than attempt to manage it directly. But once DNSSEC is provided, SSHFP records become useful.
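Added example, not part of the thread and not Codeberg's own tooling: the fingerprint the ssh prompt prints and the SSHFP record asked for above are two encodings of the same SHA-256 digest of the host key blob, so one can be checked against the other. The host name git.example.org and the sample key are constructed placeholders.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
              "ssh-ed25519": 4}
SSHFP_SHA256 = 2  # SSHFP fingerprint type 2 is SHA-256

def key_blob(pubkey_line):
    """Return (key_type, raw_blob) from '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match blob contents")
    return key_type, blob

def ssh_fingerprint(pubkey_line):
    """Fingerprint as the ssh prompt prints it: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(key_blob(pubkey_line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def sshfp_record(host, pubkey_line):
    """Zone-file SSHFP record: the same SHA-256 digest, hex-encoded."""
    key_type, blob = key_blob(pubkey_line)
    if key_type not in SSHFP_ALGO:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    return "%s. IN SSHFP %d %d %s" % (
        host, SSHFP_ALGO[key_type], SSHFP_SHA256,
        hashlib.sha256(blob).hexdigest())

def constructed_ed25519_line():
    """Constructed sample key (bytes 0..31), not any real host's key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I11sI", len(name), name, 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed"

if __name__ == "__main__":
    line = constructed_ed25519_line()
    print(ssh_fingerprint(line))
    print(sshfp_record("git.example.org", line))
```

A client only benefits from such a record when the answer is DNSSEC-validated, which is the point made in the thread about SSHFP without DNSSEC.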