It turns out that it is somewhat confusing to the users that we remove the upstream server fingerprints from the source code. I can imagine this is a security consideration, but we should at least mention in the pkg-message that in order to bring them back in a user may run the following: cat > ~/.tmate.conf <<\EOF set -g tmate-server-rsa-fingerprint "SHA256:Hthk2T/M/Ivqfk1YYUn5ijC2Att3+UPzD7Rn72P5VWs" set -g tmate-server-ecdsa-fingerprint "SHA256:8GmKHYHEJ6n0TEdciHeEGkKOigQfCFuBULdt6vZIhDc" EOF Related issue raised in the upsteam repo: https://github.com/tmate-io/tmate/issues/219
Created attachment 220583 [details] Patch file Don't reset default server fingerprints.
Comment on attachment 220583 [details] Patch file Hmmm, I think I'd prefer to keep this patch and instead add a pkg-message instead which told the user how to trust the tmate.io servers if the want to. Personally, I don't and use tmate only with my own instance of sysutils/tmate-ssh-server and think that should be our default for the package, otherwise it seems a bit hidden from the users what they are really trusting and where there data is going when they run tmate.
(In reply to Steve Wills from comment #2) I think I agree with Steve. Let's prepare an update for pkg-message.
I've posted a patch: https://reviews.freebsd.org/D27627
(In reply to Mateusz Piotrowski from comment #4) Works for me, approved.
A commit references this bug: Author: 0mp Date: Tue Dec 15 21:06:41 UTC 2020 New revision: 558182 URL: https://svnweb.freebsd.org/changeset/ports/558182 Log: systutils/tmate: Explain how to configure default fingerprints PR: 251846 Approved by: swills (maintainer) Differential Revision: https://reviews.freebsd.org/D27627 Changes: head/sysutils/tmate/Makefile head/sysutils/tmate/pkg-message
(In reply to Yasuhiro KIMURA from comment #1) BTW, thanks for the patch. We decided to go in a different direction for now, but it's super nice you sent a patch anyway :) Cheers!