gitlab.archlinux.org SSH host key fingerprints

jumperpunk · 2023-01-26 02:04:54

https://gitlab.archlinux.org/help/insta … ngerprints shows the following fingerprints:

ECDSA

SHA256:ffTYUs+2/CIxlriwJzAB46MdwBh4rQxi8T2WxcQAAvA

ED25519

SHA256:YYs60TKl1sayfv16f5fGUwmLjrTJuBywyu8XoAg/Mt4

RSA

SHA256:mm24PGt0S86HZBidzOKsMYwabypsZYTHTjdOLJXZx1k

From my home and work, I see:

$ ssh-keyscan gitlab.archlinux.org 2> /dev/null | ssh-keygen -lf -
256 SHA256:0OBfrHiu/X7HcECLaOQFY3XElaiH3qxcltK6kjH9PRI gitlab.archlinux.org (ECDSA)
256 SHA256:quM6hxvBB2qgz+x3/mdU7hoqBwoOlJrAuiThe3ht0Cc gitlab.archlinux.org (ED25519)
3072 SHA256:dEFgLw+tPon4TBEr6c1ofIWI7VZdVM8fuTXseTztrAw gitlab.archlinux.org (RSA)

It seems unlikely that I'm getting MitM'd from two different locations on the first time that I tried to connect. I'm wondering what keys others are seeing, and if the page needs updated.

lahwaacz · 2023-01-26 03:03:45

You should keyscan the port that gitlab.archlinux.org uses for SSH connections to Gitlab server (which is running inside a container):

$ ssh-keyscan -p 222 gitlab.archlinux.org 2> /dev/null | ssh-keygen -lf -
2048 SHA256:4FgaULKy9bKkKkrtaUjj7SmK02bTwnaUO/ONMgyC7T0 [gitlab.archlinux.org]:222 (RSA)
256 SHA256:cuLVU5xnrqFRB4UNrr0yAwpWfrZ1PQiRoAqq9KMFT44 [gitlab.archlinux.org]:222 (ECDSA)
256 SHA256:pUuc8tXTcCz4yk3Cl3Ijxpyog6tWmfm3ehXV1KFHHOw [gitlab.archlinux.org]:222 (ED25519)

But these are also different from what the website lists...

jumperpunk · 2023-01-27 19:44:49

Interesting. I didn't realize it was running on a non-standard port. Where is that documented? How do we contact the gitlab instance admins to either verify the keys or get the page updated?

Arch Linux

#1 2023-01-26 02:04:54