ECDSA key fingerprint for anoncvs.netbsd.org?

To: pkgsrc-users%netbsd.org@localhost
Subject: ECDSA key fingerprint for anoncvs.netbsd.org?
From: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Date: Thu, 9 May 2024 13:41:30 -0500

Hello!

When I tried to update a pkgsrc source tree via CVS from
anoncvs.netbsd.org, I was presented with an ECDSA key fingerprint and
prompted to choose whether to continue.  Are the SSH key fingerprints
for anoncvs.netbsd.org published anywhere?  If not, could they be?

I think it would also be good to update pkgsrc documentation for this,
including the pkgsrc quickstart documentation and the pkgsrc guide, and
include a link to where the anoncvs.netbsd.org ECDSA key fingerprints
are published.

Since this is for anoncvs.netbsd.org, which also hosts NetBSD's source
code, I would think this issue applies more broadly.  But I haven't seen
others asking about it, so I'm a little puzzled by that.

Here's exactly what I did on RHEL 7:

----
$ cvs update -dP
The authenticity of host 'anoncvs.netbsd.org (199.233.217.198)' can't be established.
ECDSA key fingerprint is SHA256:rfdxSvvf/JzDE4dO+hsx6E/Vj0L3HREk8Z795bItxr0.
ECDSA key fingerprint is MD5:c5:cd:f6:d8:a5:c0:01:91:68:c0:64:ea:23:a3:11:f7.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
cvs [update aborted]: end of file from server (consult above messages if any)
----

Thanks!

Lewis

Follow-Ups:
- Re: ECDSA key fingerprint for anoncvs.netbsd.org?
  - From: Thomas Klausner

Prev by Date: Re: Failure to build go on some 32bit port-i386 machines
Next by Date: Re: ECDSA key fingerprint for anoncvs.netbsd.org?
Previous by Thread: pkgin wants to install all the things
Next by Thread: Re: ECDSA key fingerprint for anoncvs.netbsd.org?
Indexes:

Home | Main Index | Thread Index | Old Index