Re: Fingerprints/RSA keys for gnome servers

From: Owen Taylor <otaylor redhat com>
To: Lars Clausen <lars raeder dk>
Cc: gnome-infrastructure gnome org
Subject: Re: Fingerprints/RSA keys for gnome servers
Date: Mon, 06 Feb 2006 16:48:18 -0500

On Mon, 2006-02-06 at 20:07 +0100, Lars Clausen wrote:
> Hi Intrastructricians!
> 
> While readying a (long overdue) release of Dia, I was greeted with
> warnigs from SSH about both IP and RSA key having changed for
> master.gnome.org.  Poking around on the wiki and web pages and scanning
> the mailing list archives has not given me any indication of what the
> correct keys are.  Would it be possible to have the fingerprints of the
> servers either on the Wiki and/or sent to the mailing list when changed,
> so we can check them upon connecting?

The key for master.gnome.org was last changed in March 2004, as part of
a big change in server configuration. Notification of the new
server keys was actually sent to all users at that time as part of the
process to establish SSH keys, if I recall correctly.

I'm not sure the Wiki (or anywhere on the server) is the best place
to put SSH keys, since if someone can DNS spoof the SSH server
for you, they can presumably DNS spoof the web server as well :-)

Since there are no user passwords for the gnome.org servers, in general
the dangers of logging in to the wrong server should be pretty small.
Somebody might manage to steal a copy of the dia release a few minutes
in advance...

Regards,
					Owen

(*) There are things that you could do to make that harder, yes, like
    checking cached copies of the page with the keys.

Follow-Ups:
- Re: Fingerprints/RSA keys for gnome servers
  - From: Toni Willberg

References:
- Fingerprints/RSA keys for gnome servers
  - From: Lars Clausen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]