SSH Fingerprints Mismatch
Gitlab provides a page where the SSH Fingerprints of the server are shown: https://gitlab.e.foundation/help/instance_configuration
Verifying SSH fingerprints is necessary in order to avoid man-in-the-middle attacks and to verify that the connection is made with the correct server while accessing git repositories with SSH-protocol.
However the information on this site seems to be outdated, because trying to clone a repository shows:
markus@:~/2$ git clone ssh://git@gitlab.e.foundation:2222/e/apps/BlissLauncher.git
Cloning into 'BlissLauncher'...
The authenticity of host '[gitlab.e.foundation]:2222 ([51.15.118.132]:2222)' can't be established.
ECDSA key fingerprint is SHA256:zkeMEbv99PJWNi0u3bdbG2FWxaJCAtXteB5Xlil+UGY.
Are you sure you want to continue connecting (yes/no)? ^C
On the help page the SHA256-fingerprints are formatted in HEX-Format and not in Base64 (the current standard). This makes a comparison difficult if not impossible:
72900d36e374948a0c412d520d3b75e487011088c85e7954f3601802a0c86ffe
Furthermore trying to verify the fingerprint with md5 shows:
markus@:~$ ssh -o FingerprintHash=md5 -p 2222 git@gitlab.e.foundation
The authenticity of host '[gitlab.e.foundation]:2222 ([51.15.118.132]:2222)' can't be established.
ECDSA key fingerprint is MD5:76:52:2f:ae:0d:f5:b1:80:62:79:3e:36:9d:43:33:a3.
Are you sure you want to continue connecting (yes/no)? ^C
and the help page shows a different fingerprint:
b7:a4:a5:46:60:35:45:94:f0:ec:92:52:0a:e6:77:7d
This indicates that either I establish a connection with the wrong server or that the help page is outdated.
Please update the fingerprints on https://gitlab.e.foundation/help/instance_configuration so that people who want to clone a git repository via SSH-protocol can verify that they are connected to the correct server.