Changes between Version 16 and Version 17 of faq/security/fingerprints


Ignore:
Timestamp:
May 24, 2011, 9:28:53 AM (8 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • faq/security/fingerprints

    v16 v17  
    11= What's a Fingerprint? =
    2 
    3 IMPORTANT: Due to a security problem with the way keys were generated, most host keys are being updated the week of 2008-05-14! That means when you connect to a server that has been updated, you may get a warning that the host key has changed. Be sure to check the current host key fingerprint (see below) to ensure that the connection is secure.
    42
    53The first time you connect to one of our servers using an ssh-based connection (either via [wiki:sftp SFTP] or [wiki:secure_shell ssh]), your client program should warn you that you are connecting to a server that you have never connected to before. This warning is important! You do not want to risk connecting to the wrong server, because you will essentially be handing this server your username and password.
     
    75With the ssh protocol, servers are identified by "fingerprints." Fingerprints are extremely difficult to forge, so if your program reports that the server you are connecting to has a fingerprint that matches the true fingerprint of the server, you can safely connect.
    86
    9 Below are the fingerprints of our shared hosting servers. Please check your "Primary host" (by logging into our [https://members.mayfirst.org Members control panel]) and match up your primary host with the proper fingerprint. If your Secure FTP program reports the same fingerprint as listed below, you can instruct your Secure FTP  program to "Always accept" that fingerprint. Then, you will only be warned if the fingerprint changes for some reason.
    10 
    11 Before the host key, you may see numbers like "1024" or "2048"; these numbers indicate the length of the key, but are not part of the key itself.
    12 
    13 To find a fingerprint for a file, [browser:trunk/admin/servers-available click on the server from our server list] and then click on the fingerprint file.
    14 
    15 The most commonly used server fingerprints are below for easy reference:
    16 
    17  * [browser:trunk/admin/servers-available/viewsic/fingerprint viewsic.mayfirst.org]
    18  * [browser:trunk/admin/servers-available/chavez/fingerprint chavez.mayfirst.org]
    19  * [browser:trunk/admin/servers-available/malcolm/fingerprint malcolm.mayfirst.org]
    20  * [browser:trunk/admin/servers-available/mandela/fingerprint mandela.mayfirst.org]
    21  * [browser:trunk/admin/servers-available/albizu/fingerprint albizu.mayfirst.org]
    22  * [browser:trunk/admin/servers-available/rosa/fingerprint a.backup.mayfirst.org (aka rosa.mayfirst.org)]
    23  * [browser:trunk/admin/servers-available/fannie/fingerprint b.backup.mayfirst.org (aka fannie.mayfirst.org)]
    24  * [browser:trunk/admin/servers-available/ali/fingerprint c.backup.mayfirst.org (aka ali.mayfirst.org)]
    25  * [browser:trunk/admin/servers-available/robideau/fingerprint console.mayfirst.org (aka robideau.mayfirst.org, the serial console server)]
     7Coming Soon ... directions for verifying MFPL server fingerprints.