SSH Fingerprints Mismatch
GitLab provides a page where the SSH fingerprints of the server are shown: https://gitlab.e.foundation/help/instance_configuration
Verifying SSH fingerprints is necessary in order to avoid man-in-the-middle attacks and to verify that the connection is made with the correct server while accessing git repositories with the SSH protocol.
However, the information on this site seems to be outdated, because trying to clone a repository shows:
    markus@:~/2$ git clone ssh://firstname.lastname@example.org:2222/e/apps/BlissLauncher.git
    Cloning into 'BlissLauncher'...
    The authenticity of host '[gitlab.e.foundation]:2222 ([22.214.171.124]:2222)' can't be established.
    ECDSA key fingerprint is SHA256:zkeMEbv99PJWNi0u3bdbG2FWxaJCAtXteB5Xlil+UGY.
    Are you sure you want to continue connecting (yes/no)? ^C
On the help page the SHA256 fingerprints are formatted in hex format and not in Base64 (the current standard). This makes a comparison difficult if not impossible:
Furthermore, trying to verify the fingerprint with MD5 shows:
    markus@:~$ ssh -o FingerprintHash=md5 -p 2222 email@example.com
    The authenticity of host '[gitlab.e.foundation]:2222 ([126.96.36.199]:2222)' can't be established.
    ECDSA key fingerprint is MD5:76:52:2f:ae:0d:f5:b1:80:62:79:3e:36:9d:43:33:a3.
    Are you sure you want to continue connecting (yes/no)? ^C
and the help page shows a different fingerprint:
This indicates that either I establish a connection with the wrong server or that the help page is outdated.
Please update the fingerprints on https://gitlab.e.foundation/help/instance_configuration so that people who want to clone a git repository via the SSH protocol can verify that they are connected to the correct server.
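The hex and Base64 notations discussed in the post encode the same 32-byte SHA-256 digest, so they can be compared once both are decoded to raw bytes. The following is an added example, not part of the original post or of GitLab: the function names are hypothetical, and `key_fingerprints` assumes a public key line in the `host keytype base64blob` form that `ssh-keyscan` prints.

```python
import base64
import hashlib
import hmac
import string

# Fingerprint printed by the ssh client in the post above.
PAGE_FP = "SHA256:zkeMEbv99PJWNi0u3bdbG2FWxaJCAtXteB5Xlil+UGY"


def sha256_digest(fp: str) -> bytes:
    """Return the raw 32-byte digest from hex or OpenSSH Base64 notation."""
    fp = fp.strip()
    if fp.upper().startswith("SHA256:"):
        fp = fp[len("SHA256:"):]
    hexish = fp.replace(":", "").replace(" ", "")
    if len(hexish) == 64 and all(c in string.hexdigits for c in hexish):
        return bytes.fromhex(hexish)
    # OpenSSH drops the '=' padding, so restore it before decoding.
    raw = base64.b64decode(fp + "=" * (-len(fp) % 4), validate=True)
    if len(raw) != 32:
        raise ValueError("not a SHA-256 fingerprint")
    return raw


def to_hex(raw: bytes) -> str:
    """Colon-separated lowercase hex, the older display style."""
    return ":".join(f"{b:02x}" for b in raw)


def to_openssh(raw: bytes) -> str:
    """Unpadded Base64 with the SHA256: prefix, as the ssh client prints it."""
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")


def same_fingerprint(a: str, b: str) -> bool:
    """Compare two SHA-256 fingerprints regardless of notation."""
    return hmac.compare_digest(sha256_digest(a), sha256_digest(b))


def key_fingerprints(key_line: str) -> dict:
    """Compute both fingerprint styles from a public key line."""
    blob_b64 = next(f for f in key_line.split() if f.startswith("AAAA"))
    blob = base64.b64decode(blob_b64, validate=True)
    return {"sha256": to_openssh(hashlib.sha256(blob).digest()),
            "md5": "MD5:" + to_hex(hashlib.md5(blob).digest())}


if __name__ == "__main__":
    print(to_hex(sha256_digest(PAGE_FP)))
```

Running the script prints the hex form of the fingerprint the client displayed, which can then be compared against a hex value published out of band.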