You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Difference between revisions of "Help talk:SSH Fingerprints"

From Wikitech-static
Jump to navigation Jump to search
imported>Nemo bis
(→‎Other instances: new section)
 
imported>GTirloni
 
(2 intermediate revisions by 2 users not shown)
Line 4: Line 4:


* Go to [[Special:NovaInstance]] and click "get console output" on the relevant row, search the fingerprint in the output.
* Go to [[Special:NovaInstance]] and click "get console output" on the relevant row, search the fingerprint in the output.
== Remotely through a proxy ==
The Python script does not work if the domain is not publicly reachable (since ssh-keyscan ignores ProxyCommand) and the bastions have an old OpenSSH version that does not understand sha256 so running there does not help. To make the script work add something like
<syntaxhighlight lang="python">
proxy = 'bast1001.wikimedia.org'
remoteKeyscanCommand = 'ssh', proxy, ' '.join(keyscanCommand)
subprocess.call(remoteKeyscanCommand, ...
</syntaxhighlight>
I don't really get the point of this script, though. Doesn't this just fetch the fingerprint of wherever the domain currently points to, though? How does that protect against an MITM? --[[User:Gergő Tisza|tgr]] ([[User talk:Gergő Tisza|talk]]) 07:42, 29 April 2017 (UTC)
== Shebang ==
A shebang update is perhaps needed: <code>#!/usr/bin/python3</code> → <code>#!/usr/bin/env python3</code>
== Please add ==
* login-trusty.tools.wmflabs.org
* login-stretch.tools.wmflabs.org
--[[User:Emijrp|Emijrp]] ([[User talk:Emijrp|talk]]) 09:00, 8 February 2019 (UTC)
Added
[[User:GTirloni|GTirloni]] ([[User talk:GTirloni|talk]]) 00:55, 9 February 2019 (UTC)

Latest revision as of 00:55, 9 February 2019

tools-submit fingerprint is missing. I got a message when trying to do crontab -l. 6e:33:c3:... Emijrp (talk) 13:48, 11 May 2014 (UTC)

Other instances

  • Go to Special:NovaInstance and click "get console output" on the relevant row, search the fingerprint in the output.

Remotely through a proxy

The Python script does not work if the domain is not publicly reachable (since ssh-keyscan ignores ProxyCommand) and the bastions have an old OpenSSH version that does not understand sha256 so running there does not help. To make the script work add something like

proxy = 'bast1001.wikimedia.org'
remoteKeyscanCommand = 'ssh', proxy, ' '.join(keyscanCommand)
subprocess.call(remoteKeyscanCommand, ...

I don't really get the point of this script, though. Doesn't this just fetch the fingerprint of wherever the domain currently points to, though? How does that protect against an MITM? --tgr (talk) 07:42, 29 April 2017 (UTC)

Shebang

A shebang update is perhaps needed: #!/usr/bin/python3#!/usr/bin/env python3

Please add

  • login-trusty.tools.wmflabs.org
  • login-stretch.tools.wmflabs.org

--Emijrp (talk) 09:00, 8 February 2019 (UTC)

Added

GTirloni (talk) 00:55, 9 February 2019 (UTC)