Documentation/content/security/ssh-fingerprint.md

---
eleventyNavigation:
  key: SSHFingerprint
  title: Verifying you're connected to Codeberg using SSH fingerprints
  parent: Security
  order: 30
---

When you connect to Codeberg via SSH, for example
[to clone or commit](/git/clone-commit-via-cli/), you need to make sure that
you're actually connected to Codeberg's servers and not someone else's
who's attempting to execute a so-called [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack).

To protect you against these sort of attacks,
SSH will ask you whether or not you want to trust a server the first time
you connect to it:

```bash
$ git clone git@codeberg.org:Codeberg/Documentation
Cloning into 'Documentation' ...
The authenticity of host 'codeberg.org (159.69.0.178)' can't be established.
ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
```

When connecting to Codeberg, it is important that you compare the displayed fingerprint
against one of the following fingerprints published by Codeberg:

```
SHA256:6QQmYi4ppFS4/+zSZ5S4IU+4sa6rwvQ4PbhCtPEBekQ codeberg.org (RSA)
SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E codeberg.org (ECDSA)
SHA256:mIlxA9k46MmM6qdJOdMnAQpzGxF4WIVVL+fj+wZbw0g codeberg.org (ED25519)
```

These are the SHA256 versions of **[the fingerprints published in the Imprint](https://codeberg.org/codeberg/org/src/Imprint.md#user-content-ssh-fingerprints)**,
which are to be considered the authoritative fingerprints for Codeberg.

**If they match, you're good to go** and can safely use Codeberg via SSH.

**If they don't, don't connect** because your credentials may be at risk.
Please give us a heads-up at [contact@codeberg.org](mailto:contact@codeberg.org).
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00			`---`
			`eleventyNavigation:`
			`key: SSHFingerprint`
Add "(ssh fingerprints)" to title (#179) Makes it easier to find the ssh fingerprints from the title alone. Co-authored-by: Reynir Björnsson <reynir@reynir.dk> Reviewed-on: https://codeberg.org/Codeberg/Documentation/pulls/179 Co-authored-by: reynir <reynir@noreply.codeberg.org> Co-committed-by: reynir <reynir@noreply.codeberg.org> 2021-11-20 13:01:24 +00:00			`title: Verifying you're connected to Codeberg using SSH fingerprints`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00			`parent: Security`
Reorder articles in the security section 2021-11-21 11:10:17 +00:00			`order: 30`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00			`---`

			`When you connect to Codeberg via SSH, for example`
Unify SSH and HTTP clone & commit articles (#129) 2021-06-15 10:21:47 +00:00			`[to clone or commit](/git/clone-commit-via-cli/), you need to make sure that`
Revise 2022-07-30 23:19:06 +00:00			`you're actually connected to Codeberg's servers and not someone else's`
			`who's attempting to execute a so-called [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack).`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00
Revise 2022-07-30 23:19:06 +00:00			`To protect you against these sort of attacks,`
			`SSH will ask you whether or not you want to trust a server the first time`
			`you connect to it:`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00
			```bash
			`$ git clone git@codeberg.org:Codeberg/Documentation`
			`Cloning into 'Documentation' ...`
			`The authenticity of host 'codeberg.org (159.69.0.178)' can't be established.`
			`ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E.`
Add woodpecker ci & many linters (and their required fixes) (#377) closes #238 Co-authored-by: pat-s <patrick.schratz@gmail.com> Co-authored-by: Patrick Schratz <pat-s@noreply.codeberg.org> Reviewed-on: https://codeberg.org/Codeberg/Documentation/pulls/377 Co-authored-by: crapStone <crapstone01@gmail.com> Co-committed-by: crapStone <crapstone01@gmail.com> 2024-06-11 07:51:22 +00:00			`Are you sure you want to continue connecting (yes/no/[fingerprint])?`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00			```

Revise 2022-07-30 23:19:06 +00:00			`When connecting to Codeberg, it is important that you compare the displayed fingerprint`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00			`against one of the following fingerprints published by Codeberg:`

			```
			`SHA256:6QQmYi4ppFS4/+zSZ5S4IU+4sa6rwvQ4PbhCtPEBekQ codeberg.org (RSA)`
			`SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E codeberg.org (ECDSA)`
			`SHA256:mIlxA9k46MmM6qdJOdMnAQpzGxF4WIVVL+fj+wZbw0g codeberg.org (ED25519)`
			```

Diverse changes (#189) a bunch of (typo) fixes, additions, rewordings Update references - remove mentions of the master branch, as it's removed for many repos and might change in the future for others (fixes some dead links) - remove mentions of moved repos with our official examples - some on-the-fly additions or rewordings Close #186 foobar->examples Co-authored-by: fnetx <git@fralix.ovh> Co-authored-by: fnetX <git@fralix.ovh> Reviewed-on: https://codeberg.org/Codeberg/Documentation/pulls/189 Co-authored-by: Otto Richter <fnetx@noreply.codeberg.org> Co-committed-by: Otto Richter <fnetx@noreply.codeberg.org> 2022-01-21 10:36:38 +00:00			`These are the SHA256 versions of [the fingerprints published in the Imprint](https://codeberg.org/codeberg/org/src/Imprint.md#user-content-ssh-fingerprints),`
Added article about Codeberg SSH Fingerprints 2020-08-20 08:34:58 +00:00			`which are to be considered the authoritative fingerprints for Codeberg.`

			`If they match, you're good to go and can safely use Codeberg via SSH.`

Fix ssh-fingerprint.md 2022-07-30 21:12:58 +00:00			`If they don't, don't connect because your credentials may be at risk.`
			`Please give us a heads-up at [contact@codeberg.org](mailto:contact@codeberg.org).`