Re: Hash value of jp anoncvs server is inconsistent between the documents and actual value.

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Hash value of jp anoncvs server is inconsistent between the documents and actual value.

Otto Moerbeek
On Sat, Mar 23, 2019 at 10:11:30PM +0900, UnHa Kim wrote:

> >Synopsis: hash value of jp anoncvs server is not the expected one.
> >Category: Document, or anoncvs mirror
> >Environment:
> System      : OpenBSD 6.4
> Details     : OpenBSD 6.4 all architecture
> Architecture: All
>
> When I tried to follow the stable, found a small inconsistency in a
> document.
> And, I heard that OpenBSD regard mistake in document as a serious bug.
> So, here I submit a report.
>
> >What works
> Anoncvs server in japan is reachable throuth the internet.
> Can receive hash value at first connection.
>
> >What seems not proper.
> Hash value in the document ( https://www.openbsd.org/anoncvs.html ),
> and actual received value is inconsistent.
>
> Document ( https://www.openbsd.org/anoncvs.html ) says,
> hash value of jp anoncvs as below
>
> -----------------------------------------------------------------
> CVSROOT=[hidden email]:/cvs
> Host also known as kankoromochi.econ.nagasaki-u.ac.jp.
> Location: Nagasaki University, Faculty of Economics, Nagasaki, Japan.
> Maintained by SUZUKI Hitoshi.
> Protocols: ssh, pserver.
> Updated every 3 hours.
> SSH fingerprints:
> (RSA) MD5:80:6d:6b:9e:2b:5e:a3:fa:cc:bb:f7:fe:46:9f:ce:be
> (DSA) MD5:f3:8e:b4:d0:00:26:f1:1b:5b:98:50:ad:d4:94:23:98
> (ECDSA) MD5:dc:8b:b9:2f:4d:20:73:62:a9:3b:f8:ce:09:10:dc:b8
> (ED25519) MD5:af:b8:2d:3c:0a:a0:89:15:cb:8f:c0:ad:e7:95:08:df
> -----------------------------------------------------------------
>
> But, when connected to the server, the received actual value is
> -----------------------------------------------------------------
> The authenticity of host 'anoncvs.jp.openbsd.org (133.45.178.239)' can't be
> established.
> ECDSA key fingerprint is SHA256:aXpmw11DuXXLm8PsJ37L65jEXbu8JF2cnVfQptSkoyQ.
> Are you sure you want to continue connecting (yes/no)?
> -----------------------------------------------------------------
>
> I see the inconsistency, but I don't know which is the case.
>
> - document not updated
> or
> - jp anoncvs server in the wrong hand
>
> In any of both cases, it seems worth a report.
>
> Regards
>
> --
> UnHa Kim
>

Try ssh -oFingerprintHash=md5 anoncvs.jp.openbsd.org to verify the key.

The website is incomplete, though, it should als lists the SHA256s

        -Otto

Reply | Threaded
Open this post in threaded view
|

Re: Hash value of jp anoncvs server is inconsistent between the documents and actual value.

Stuart Henderson
On 2019/03/23 15:20, Otto Moerbeek wrote:
> Try ssh -oFingerprintHash=md5 anoncvs.jp.openbsd.org to verify the key.
>
> The website is incomplete, though, it should als lists the SHA256s

I previously sent out mails to mirror admins asking that they provided
this information but didn't have replies from everyone. For obvious reasons
I don't want to take this information from third parties.

#   cd /etc/ssh
#   for i in SHA256 MD5; do
#     ssh-keygen -l -E $i -f ssh_host_rsa_key.pub | awk '{print "SR\t"$2}'
#     ssh-keygen -l -E $i -f ssh_host_dsa_key.pub | awk '{print "SD\t"$2}'
#     ssh-keygen -l -E $i -f ssh_host_ecdsa_key.pub | awk '{print "SE\t"$2}'
#     ssh-keygen -l -E $i -f ssh_host_ed25519_key.pub | awk '{print "S2\t"$2}'
#   done