* [fingerprint] of github.com
@ 2024-12-28 3:05 A bughunter
2024-12-28 8:07 ` Konstantin Ryabitsev
2024-12-28 13:33 ` rsbecker
0 siblings, 2 replies; 5+ messages in thread
From: A bughunter @ 2024-12-28 3:05 UTC (permalink / raw)
To: git@vger.kernel.org
[-- Attachment #1.1: Type: text/plain, Size: 194 bytes --]
How would you confirm the correct SSH server fingerprint of github.com upon initial connection? Does GitHub post valid FP anywhere?
from A_bughunter@proton.me
Sent from Proton Mail Android
[-- Attachment #1.2: publickey - A_bughunter@proton.me - 0x66540805.asc --]
[-- Type: application/pgp-keys, Size: 705 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 322 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [fingerprint] of github.com
2024-12-28 3:05 [fingerprint] of github.com A bughunter
@ 2024-12-28 8:07 ` Konstantin Ryabitsev
2024-12-28 21:12 ` A bughunter
2024-12-28 13:33 ` rsbecker
1 sibling, 1 reply; 5+ messages in thread
From: Konstantin Ryabitsev @ 2024-12-28 8:07 UTC (permalink / raw)
To: A bughunter; +Cc: git@vger.kernel.org
On Sat, Dec 28, 2024 at 03:05:11AM +0000, A bughunter wrote:
> How would you confirm the correct SSH server fingerprint of github.com upon initial connection? Does GitHub post valid FP anywhere?
Please do a modicum of effort before posting to the list. This is literally
the first hit on the search engines:
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
Additionally, Github specific questions are not really on topic for this list,
unless they have to do with git specifically.
-K (with moderator's hat on)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [fingerprint] of github.com
2024-12-28 8:07 ` Konstantin Ryabitsev
@ 2024-12-28 21:12 ` A bughunter
2024-12-28 22:27 ` Konstantin Ryabitsev
0 siblings, 1 reply; 5+ messages in thread
From: A bughunter @ 2024-12-28 21:12 UTC (permalink / raw)
To: Konstantin Ryabitsev; +Cc: git@vger.kernel.org
[-- Attachment #1.1: Type: text/plain, Size: 2117 bytes --]
My reply and answer here.
from A_bughunter@proton.me
Sent from Proton Mail Android
-------- Original Message --------
On 12/28/24 2:07 AM, Konstantin Ryabitsev <konstantin@linuxfoundation.org> wrote:
> On Sat, Dec 28, 2024 at 03:05:11AM +0000, A bughunter wrote:
> > How would you confirm the correct SSH server fingerprint of github.com upon initial connection? Does GitHub post valid FP anywhere?
>
> Please do a modicum of effort before posting to the list. This is literally
> the first hit on the search engines:
> https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
>
Yeah, but you should post the keys in the community incase an attacker would intercept, block, or change those posted in the official location. That is the great benifit of community support. These are GitHub's public key fingerprints:
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s (RSA)
SHA256:br9IjFspm1vxR3iA35FWE+4VTyz1hYVLIE2t1/CeyWQ (DSA - closing down)
SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM (ECDSA)
SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU (Ed25519)
You can add the following ssh key entries to your ~/.ssh/known_hosts file to avoid manually verifying GitHub hosts:
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
[-- Attachment #1.2: publickey - A_bughunter@proton.me - 0x66540805.asc --]
[-- Type: application/pgp-keys, Size: 705 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 322 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [fingerprint] of github.com
2024-12-28 3:05 [fingerprint] of github.com A bughunter
2024-12-28 8:07 ` Konstantin Ryabitsev
@ 2024-12-28 13:33 ` rsbecker
1 sibling, 0 replies; 5+ messages in thread
From: rsbecker @ 2024-12-28 13:33 UTC (permalink / raw)
To: 'A bughunter', git
On December 27, 2024 10:05 PM, A bughunter wrote:
>How would you confirm the correct SSH server fingerprint of github.com upon
>initial connection? Does GitHub post valid FP anywhere?
This is not the correct list for this question. Contact GitHub support, please.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-12-28 22:27 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-28 3:05 [fingerprint] of github.com A bughunter
2024-12-28 8:07 ` Konstantin Ryabitsev
2024-12-28 21:12 ` A bughunter
2024-12-28 22:27 ` Konstantin Ryabitsev
2024-12-28 13:33 ` rsbecker
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).