2020-08-20 08:34:58 +00:00
---
eleventyNavigation:
key: SSHFingerprint
2021-11-20 13:01:24 +00:00
title: Verifying you're connected to Codeberg using SSH fingerprints
2020-08-20 08:34:58 +00:00
parent: Security
2021-11-21 11:10:17 +00:00
order: 30
2020-08-20 08:34:58 +00:00
---
When you connect to Codeberg via SSH, for example
2021-06-15 10:21:47 +00:00
[to clone or commit ](/git/clone-commit-via-cli/ ), you need to make sure that
2022-07-30 23:19:06 +00:00
you're actually connected to Codeberg's servers and not someone else's
who's attempting to execute a so-called [man-in-the-middle attack ](https://en.wikipedia.org/wiki/Man-in-the-middle_attack ).
2020-08-20 08:34:58 +00:00
2022-07-30 23:19:06 +00:00
To protect you against these sort of attacks,
SSH will ask you whether or not you want to trust a server the first time
you connect to it:
2020-08-20 08:34:58 +00:00
```bash
$ git clone git@codeberg.org:Codeberg/Documentation
Cloning into 'Documentation' ...
The authenticity of host 'codeberg.org (159.69.0.178)' can't be established.
ECDSA key fingerprint is SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
```
2022-07-30 23:19:06 +00:00
When connecting to Codeberg, it is important that you compare the displayed fingerprint
2020-08-20 08:34:58 +00:00
against one of the following fingerprints published by Codeberg:
```
SHA256:6QQmYi4ppFS4/+zSZ5S4IU+4sa6rwvQ4PbhCtPEBekQ codeberg.org (RSA)
SHA256:T9FYDEHELhVkulEKKwge5aVhVTbqCW0MIRwAfpARs/E codeberg.org (ECDSA)
SHA256:mIlxA9k46MmM6qdJOdMnAQpzGxF4WIVVL+fj+wZbw0g codeberg.org (ED25519)
```
2022-01-21 10:36:38 +00:00
These are the SHA256 versions of ** [the fingerprints published in the Imprint ](https://codeberg.org/codeberg/org/src/Imprint.md#user-content-ssh-fingerprints )**,
2020-08-20 08:34:58 +00:00
which are to be considered the authoritative fingerprints for Codeberg.
**If they match, you're good to go** and can safely use Codeberg via SSH.
2022-07-30 21:12:58 +00:00
**If they don't, don't connect** because your credentials may be at risk.
Please give us a heads-up at [contact@codeberg.org ](mailto:contact@codeberg.org ).