I just switched hg.python.org from a OSUOSL VM to a Rackspace VM. The new VM is a bit beefier and has what I think is better network connectivity, so hopefully that will improving the speed of repository operations. We also now support HTTPS for repository browsing and cloning, so update all your links to https://hg.python.org! IPv6 support has also returned for those who like that sort of thing.
Note the host keys changed, so you'll probably have to futz with known_hosts to quiet ssh down. I apologize, but I noticed that that the current RSA host key is 1024 bits, so I decided to upgrade it to 2048 during the transition.
Thanks to Donald Stufft for helping me set this up.
On Sep 12, 2014, at 5:34 PM, Benjamin Peterson <benjamin@python.org> wrote:
The new VM is a bit beefier and has what I think is better network connectivity, so hopefully that will improving the speed of repository operations.
Thanks Benjamin, the repo is noticeably faster.
Raymond
On 9/12/2014 8:34 PM, Benjamin Peterson wrote:
I just switched hg.python.org from a OSUOSL VM to a Rackspace VM. The new VM is a bit beefier and has what I think is better network connectivity, so hopefully that will improving the speed of repository operations. We also now support HTTPS for repository browsing and cloning, so update all your links to https://hg.python.org! IPv6 support has also returned for those who like that sort of thing.
Note the host keys changed, so you'll probably have to futz with known_hosts to quiet ssh down. I apologize, but I noticed that that the current RSA host key is 1024 bits, so I decided to upgrade it to 2048 during the transition.
putty just asks whether the host key change is expected or not, and just takes care of its list if one answers 'yes'.
Thanks to Donald Stufft for helping me set this up.
-- Terry Jan Reedy
On 13/09/14 02:34, Benjamin Peterson wrote:
I just switched hg.python.org from a OSUOSL VM to a Rackspace VM. The new VM is a bit beefier and has what I think is better network connectivity, so hopefully that will improving the speed of repository operations. We also now support HTTPS for repository browsing and cloning, so update all your links to https://hg.python.org! IPv6 support has also returned for those who like that sort of thing.
Note the host keys changed, so you'll probably have to futz with known_hosts to quiet ssh down. I apologize, but I noticed that that the current RSA host key is 1024 bits, so I decided to upgrade it to 2048 during the transition.
Thanks to Donald Stufft for helping me set this up.
I see this fingerprint for HTTPS:
f4:21:58:34:4e:26:dd:55:16:51:2e:ce:6e:58:a8:92:6e:32:c8:50
I see this fingerprint for SSH:
a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8
-- Jesús Cea Avión _/_/ _/_/_/ _/_/_/ jcea@jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/ Twitter: @jcea _/_/ _/_/ _/_/_/_/_/ jabber / xmpp:jcea@jabber.org _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
On Sep 18, 2014, at 10:58 AM, Jesus Cea <jcea@jcea.es> wrote:
On 13/09/14 02:34, Benjamin Peterson wrote:
I just switched hg.python.org from a OSUOSL VM to a Rackspace VM. The new VM is a bit beefier and has what I think is better network connectivity, so hopefully that will improving the speed of repository operations. We also now support HTTPS for repository browsing and cloning, so update all your links to https://hg.python.org! IPv6 support has also returned for those who like that sort of thing.
Note the host keys changed, so you'll probably have to futz with known_hosts to quiet ssh down. I apologize, but I noticed that that the current RSA host key is 1024 bits, so I decided to upgrade it to 2048 during the transition.
Thanks to Donald Stufft for helping me set this up.
I see this fingerprint for HTTPS:
f4:21:58:34:4e:26:dd:55:16:51:2e:ce:6e:58:a8:92:6e:32:c8:50
I see this fingerprint for SSH:
a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8
For the record, here are the SSH host keys on the hg box:
$ find /etc/ssh -name 'ssh_host_*_key.pub' -exec ssh-keygen -lf {} \; 256 1d:02:d1:d2:7b:a1:cb:e0:51:65:25:d7:19:dd:4e:74 /etc/ssh/ssh_host_ed25519_key.pub (ED25519) 256 f1:53:9d:09:a1:42:8e:33:61:62:64:b1:ef:e9:02:ae /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA) 1024 0e:69:7b:9c:f3:d8:d8:83:81:8a:f4:2b:41:51:ab:bb /etc/ssh/ssh_host_dsa_key.pub (DSA) 2048 a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8 /etc/ssh/ssh_host_rsa_key.pub (RSA)
Here’s the HTTPS certificate for hg.python.org:
$ openssl x509 -in /etc/ssl/private/hg.python.org.pem -noout -fingerprint SHA1 Fingerprint=F4:21:58:34:4E:26:DD:55:16:51:2E:CE:6E:58:A8:92:6E:32:C8:50
$ openssl x509 -in /etc/ssl/private/hg.python.org.pem -noout -fingerprint -sha256 SHA256 Fingerprint=B2:F7:DD:60:14:CE:F4:EE:B5:46:13:CD:DB:CA:54:B5:24:F1:94:D8:53:91:CD:87:AF:A4:F1:53:29:ED:82:46
Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
On Sep 18, 2014, at 4:53 PM, Donald Stufft <donald@stufft.io> wrote:
On Sep 18, 2014, at 10:58 AM, Jesus Cea <jcea@jcea.es <mailto:jcea@jcea.es>> wrote:
On 13/09/14 02:34, Benjamin Peterson wrote:
I just switched hg.python.org <http://hg.python.org/> from a OSUOSL VM to a Rackspace VM. The new VM is a bit beefier and has what I think is better network connectivity, so hopefully that will improving the speed of repository operations. We also now support HTTPS for repository browsing and cloning, so update all your links to https://hg.python.org <https://hg.python.org/>! IPv6 support has also returned for those who like that sort of thing.
Note the host keys changed, so you'll probably have to futz with known_hosts to quiet ssh down. I apologize, but I noticed that that the current RSA host key is 1024 bits, so I decided to upgrade it to 2048 during the transition.
Thanks to Donald Stufft for helping me set this up.
I see this fingerprint for HTTPS:
f4:21:58:34:4e:26:dd:55:16:51:2e:ce:6e:58:a8:92:6e:32:c8:50
I see this fingerprint for SSH:
a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8
For the record, here are the SSH host keys on the hg box:
$ find /etc/ssh -name 'ssh_host_*_key.pub' -exec ssh-keygen -lf {} \; 256 1d:02:d1:d2:7b:a1:cb:e0:51:65:25:d7:19:dd:4e:74 /etc/ssh/ssh_host_ed25519_key.pub (ED25519) 256 f1:53:9d:09:a1:42:8e:33:61:62:64:b1:ef:e9:02:ae /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA) 1024 0e:69:7b:9c:f3:d8:d8:83:81:8a:f4:2b:41:51:ab:bb /etc/ssh/ssh_host_dsa_key.pub (DSA) 2048 a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8 /etc/ssh/ssh_host_rsa_key.pub (RSA)
Here’s the HTTPS certificate for hg.python.org <http://hg.python.org/>:
$ openssl x509 -in /etc/ssl/private/hg.python.org.pem -noout -fingerprint SHA1 Fingerprint=F4:21:58:34:4E:26:DD:55:16:51:2E:CE:6E:58:A8:92:6E:32:C8:50
$ openssl x509 -in /etc/ssl/private/hg.python.org.pem -noout -fingerprint -sha256 SHA256 Fingerprint=B2:F7:DD:60:14:CE:F4:EE:B5:46:13:CD:DB:CA:54:B5:24:F1:94:D8:53:91:CD:87:AF:A4:F1:53:29:ED:82:46
Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
python-committers mailing list python-committers@python.org <mailto:python-committers@python.org> https://mail.python.org/mailman/listinfo/python-committers <https://mail.python.org/mailman/listinfo/python-committers>
Just a FYI, I dropped the DSA keys since they were only 1024 bit which is no longer secure against computationally powerful attackers.
Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
participants (5)
-
Benjamin Peterson -
Donald Stufft -
Jesus Cea -
Raymond Hettinger -
Terry Reedy