Expand description
SSH host-key fingerprint pinning for well-known Git hosting services (FR-6, FR-7).
Gitway embeds the published SHA-256 fingerprints for GitHub, GitLab, and Codeberg. On every connection the server’s presented key is hashed and the resulting fingerprint is compared against the embedded list for that host. Any mismatch aborts the connection immediately.
§Custom / self-hosted instances
Fingerprints for any host not listed below can be added via a
known_hosts-style file at ~/.config/gitway/known_hosts (FR-7).
Each non-comment line must follow the format:
hostname SHA256:<base64-encoded-fingerprint>§Fingerprint sources
- GitHub: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
- GitLab: https://docs.gitlab.com/ee/user/gitlab_com/index.html#ssh-host-keys-fingerprints
- Codeberg: https://docs.codeberg.org/security/ssh-fingerprint/
Last verified: 2026-04-11
Constants§
- CODEBERG_
FINGERPRINTS - Codeberg.org’s published SSH host-key fingerprints (SHA-256).
- DEFAULT_
CODEBERG_ HOST - Primary Codeberg SSH host.
- DEFAULT_
GITHUB_ HOST - Primary GitHub SSH host (FR-1).
- DEFAULT_
GITLAB_ HOST - Primary GitLab SSH host.
- DEFAULT_
PORT - Default SSH port used by all providers.
- FALLBACK_
HOST Deprecated - Alias for
GITHUB_FALLBACK_HOST; retained so existing callers that reference the old name continue to compile. - FALLBACK_
PORT - HTTPS-port fallback for providers that support it (GitHub, GitLab).
- GITHUB_
FALLBACK_ HOST - Fallback GitHub SSH host when port 22 is unavailable (FR-1).
- GITHUB_
FINGERPRINTS - GitHub’s published SSH host-key fingerprints (SHA-256, FR-6).
- GITLAB_
FALLBACK_ HOST - Fallback GitLab SSH host when port 22 is unavailable.
- GITLAB_
FINGERPRINTS - GitLab.com’s published SSH host-key fingerprints (SHA-256).
Functions§
- fingerprints_
for_ host - Collects all expected fingerprints for
host.