Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

You are on the right track, but need to clear one hurdle first. What's happening is that you've used the code.wireshark.org web interface (identified by the certificate) to setup your account with your public key. That allows code.wireshark.org to identify YOU when you make an SSH connection using the secret key matching the public key.

What you see now is that you're making an SSH connection but cannot be sure with whom. There is no certificate as with the web interface. What is there is the SSH server public key. If you've never contacted this SSH server before you're asked to verify the fingerprint of this server public key. How can you know the fingerprint? Usually this is published via some other means, e.g. the website. I can't really find it, but my scan of the server reveals:

[email protected]:~$ ssh-keyscan -6 -p 29418 -t ecdsa code.wireshark.org | ssh-keygen -l -f - 
# code.wireshark.org:29418 SSH-2.0-GerritCodeReview_2.14.11 (SSHD-CORE-1.4.0)
256 SHA256:UTO4rPCBD3QnRMX68UDb1wRk5RVN05Zt5ky2AZS9YuU [code.wireshark.org]:29418 (ECDSA)

So that looks okay to me.

What to do? Answer the question 'continue connecting' with yes. This will store the server key for the next time, and alert you if it ever changes (it shouldn't). Then you know the SSH server is the server you expect it to be, and the server knows who you are, so you can clone, pull, push as you wish.