Gregory Szorc
Mar 31, 2016, 5:39:33 PM
to dev-versi...@lists.mozilla.org, dev-platform, Firefox Dev, release-e...@lists.mozilla.org

This message serves as a notice that the *SSH host keys* for hg.mozilla.org will be rotated in the next ~24 hours.

When connecting to hg.mozilla.org over SSH, your SSH client should warn that host keys have changed and refuse to connect until accepting/trusting the new host key. After 1st host key verification failure:

1) `ssh-keygen -R hg.mozilla.org` to remove the old host key
2) `ssh hg.mozilla.org` and verify the fingerprint of the new key matches one of the following:

256 SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA hg.mozilla.org (ED25519)
256 SHA1:Ft++OU96cvaREKNFCJ6AiuCpGac hg.mozilla.org (ED25519)
256 MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95:ea:04:28:7d:26 hg.mozilla.org (ED25519)
4096 SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc hg.mozilla.org (RSA)
4096 SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co hg.mozilla.org (RSA)
4096 MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77 hg.mozilla.org (RSA)

Q: What host key types were changed? We dropped the DSA host key and added an ED25519 host key. The length of the RSA key has been increased from 2048 to 4096 bits.

Q: Does this impact connections to https://hg.mozilla.org/? No. The x509 certificate to the https:// endpoint is remaining unchanged at this time.

Q: Why is this being done? We are modernizing the server infrastructure of hg.mozilla.org. As part of this, we're bringing the hosts in compliance with Mozilla's SSH security guidelines (https://wiki.mozilla.org/Security/Guidelines/OpenSSH).
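
The fingerprint check in step 2 can be done mechanically. The following is an added example, not part of the original message: it derives the SHA256, SHA1 and MD5 fingerprint strings from a `host keytype base64` key line (the format `ssh-keyscan` prints) and compares them with the values published above. The function names, the `hg.example.test` host and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Fingerprints published in the message above (ED25519, then RSA).
PINNED = {
    "SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA",
    "SHA1:Ft++OU96cvaREKNFCJ6AiuCpGac",
    "MD5:96:eb:3b:78:f5:ca:19:e2:0c:a0:95:ea:04:28:7d:26",
    "SHA256:RX2OK8A1KNWdxyu6ibIPeEGLBzc5vyQW/wd7RKjBehc",
    "SHA1:p2MGe4wSw8ZnQ5J9ShBk/6VA+Co",
    "MD5:1c:f9:cf:76:de:b8:46:d6:5a:a3:00:8d:3b:0c:53:77",
}

def parse_line(line):
    """Split 'host keytype base64blob' and check the type embedded in the blob."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])   # blob starts with a length-prefixed type
    if blob[4:4 + n].decode("ascii") != keytype:
        raise ValueError("declared key type does not match key blob")
    return host, keytype, blob

def fingerprints(blob):
    """Return the fingerprint strings for a key blob, in the notation used above."""
    out = set()
    for name in ("sha256", "sha1"):
        digest = hashlib.new(name, blob).digest()
        # These forms are unpadded base64 of the raw digest.
        out.add(name.upper() + ":" + base64.b64encode(digest).decode().rstrip("="))
    md5 = hashlib.md5(blob).hexdigest()
    out.add("MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)))
    return out

def is_trusted(line, pinned=PINNED):
    """True only if the offered key hashes to one of the pinned fingerprints."""
    _, _, blob = parse_line(line)
    return bool(fingerprints(blob) & pinned)

def constructed_key_line(host="hg.example.test"):
    """Constructed sample: an ssh-ed25519 blob with a dummy 32-byte public key."""
    raw = bytes(range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    sample = constructed_key_line()
    print(sorted(fingerprints(parse_line(sample)[2])))
    print("trusted:", is_trusted(sample))  # the dummy key is not one of the pinned keys
```

The pinned values must come from a channel other than the SSH connection being checked, such as this announcement; a key fetched over the network proves nothing until it is compared against them.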