On 28/07/2020 02:43, Gaetan Bisson via arch-dev-public wrote:
> [2020-07-27 21:10:23 -0300] Giancarlo Razzolini:
>> On July 27, 2020 21:03 Gaetan Bisson wrote:
>>>
>>> It's quite unsettling that we seem to be rushing to write a news post
>>> while this very reasonable suggestion remains completely ignored.
>>
>> It wasn't ignored. The keys were deliberately changed in the process.
>
> Why? Baptiste rightly points out "it's the same service as before and
> (presumably) the host private keys were not compromised, so there is no
> reason to change keys." Yet his message remains unanswered...

Luna is a host, AUR is a service.

With HTTPS, one can configure the host to provide the *service* server-side certificate depending on the "Host:" header. E.g., appolo providing a certificate dedicated to the archlinux wiki service, even though it may host many other services.

Here, with SSH, the service requested is deduced from the login: "aur@…". I do not know any configuration option to change the SSH host key depending on the login (service) requested by the client.

So, with SSH, the host key is the same as the service key. If the key of the AUR service (so the key of luna itself) is migrated to the new server, luna and the new server will share the same host key.

Do you really want both servers to have the same key?

--
Henry-Joseph Audéoud
audeoudh
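
Added example, not part of the original message: a small audit that groups `known_hosts` entries by OpenSSH SHA256 fingerprint and reports host names that present the same host key, which is the situation the message describes if the old key is copied to the new server. The host names and key blobs are constructed placeholders, not real Arch Linux hosts or keys.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def make_blob(seed: bytes) -> str:
    """Build a constructed ssh-ed25519 public key blob (not a real key)."""
    key = hashlib.sha256(seed).digest()  # 32 bytes standing in for a public key
    alg = b"ssh-ed25519"
    raw = struct.pack(">I", len(alg)) + alg + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(known_hosts: str) -> dict:
    """Map (key type, fingerprint) -> host names, keeping only keys seen on 2+ names."""
    by_key = defaultdict(set)
    for line in known_hosts.splitlines():
        line = line.strip()
        # Skip blanks, comments, @cert-authority/@revoked markers and hashed host names.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            by_key[(keytype, fingerprint(blob))].add(host)
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}


# Constructed sample: the old host's key was copied to the new server.
OLD, OTHER = make_blob(b"old-host-key"), make_blob(b"unrelated-key")
SAMPLE = f"""# constructed known_hosts content
luna.example ssh-ed25519 {OLD}
new-aur-host.example ssh-ed25519 {OLD}
wiki.example ssh-ed25519 {OTHER}
"""

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE).items():
        print(f"{keytype} {fp} is shared by: {', '.join(hosts)}")
```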
