Well if a MITM attacker tries to use your ssh access to do anything nasty,
another developer will probably notice quite quickly.
(the only nasty thing the ssh access allows you to do is hg push,
IIRC; still, that can trigger code execution on the buildbots)
Sure, but it would be better to
On 3/26/2013 8:39 AM, Roger Serwy wrote:
Well if a MITM attacker tries to use your ssh access to do anything
nasty,
another developer will probably notice quite quickly.
(the only nasty thing the ssh access allows you to do is hg push,
IIRC; still, that can trigger code execution on the
Can someone log into hg.python.org and get the public keys for the
server?
Not me. But from my hosts, I get:
RSA key fingerprint is ec:98:fe:7b:e1:0f:88:c5:93:37:83:64:a4:cc:aa:01.
Well I'm not sure how logging in would be an improvement, since the person
logging in could also be the victim
Also, what is the command to use on the server to get the public key
fingerprint?
Run ssh-keygen -lf /path/to/public/key.pub for the RSA, DSA, and ECDSA
keys.
___
python-committers mailing list
python-committers@python.org
Am 25.03.13 17:34, schrieb Antoine Pitrou:
We have new contributors (who don't have a pre-existing key) use RSA:
http://docs.python.org/devguide/faq.html#id1 .
I was trying to avoid a man-in-the-middle attack by verifying the
server's key fingerprint. Those server fingerprints should be
In addition, the email you sent might be subject to MITM, either when
you were submitting it, or when it was transmitted from python.org to
Roger's SMTP server. So you really need to PGP sign it :-)
And hope that I have Antoine's correct public PGP key... And down the
rabbit hole we go.
On Mon, Mar 25, 2013 at 1:26 AM, Ned Deily n...@acm.org wrote:
On Mar 24, 2013, at 21:51 , Jeffrey Yasskin jyass...@gmail.com wrote:
You missed that ECDSA != DSA.
Good! Someone is paying attention. :=) Should we all be preferring one
for pydev work?
We have new contributors (who don't
Note that I believe ECDSA is now the default for host keys for OpenSSH.
At the least, my systems (Gentoo) switched to them after an upgrade a
a bit a go.
--David
On Mon, 25 Mar 2013 13:29:48 +0100, Christian Heimes christ...@python.org
wrote:
Am 25.03.2013 05:51, schrieb Jeffrey Yasskin:
You
We have new contributors (who don't have a pre-existing key) use RSA:
http://docs.python.org/devguide/faq.html#id1 .
I was trying to avoid a man-in-the-middle attack by verifying the
server's key fingerprint. Those server fingerprints should be documented.
Well if a MITM attacker tries to
Hi All,
What should be the ssh fingerprint be for hg.python.org? I am receiving
63:75:9b:14:b7:b2:dc:e7:cd:42:d7:19:48:6a:68:8e, but I can't verify if
it's correct.
Thank you,
Roger
___
python-committers mailing list
python-committers@python.org
On Mar 24, 2013, at 21:02 , Roger Serwy roger.se...@gmail.com wrote:
What should be the ssh fingerprint be for hg.python.org? I am receiving
63:75:9b:14:b7:b2:dc:e7:cd:42:d7:19:48:6a:68:8e, but I can't verify if it's
correct.
I currently get:
The authenticity of host 'hg.python.org
On Mar 24, 2013, at 21:32 , Roger Serwy roger.se...@gmail.com wrote:
It looks like my ssh is using ECDSA as the host key algorithm by default.
When I force it to use ssh-rsa, then I receive the same fingerprint you have.
Should this be documented somewhere?
I believe RSA keys are
12 matches
Mail list logo