On 8/19/14 1:00 AM, Robin H. Johnson wrote: > The new SSH keys, in case you still didn't have them: > On Mon, Jun 30, 2014 at 10:26:52PM +0000, Robin H. Johnson wrote: >> 1024 5f:c3:fe:9a:ac:a7:99:f4:d3:c1:93:4c:52:87:74:28 (DSA) >> 256 aa:6a:e4:74:1d:73:d2:5a:9f:45:9f:18:55:81:c9:9a (ECDSA) >> 256 1c:2e:99:7d:c7:f0:bc:3b:a9:fb:d0:3e:2c:2a:79:ba (ED25519) >> 2048 24:3b:2d:3b:47:ca:7e:62:48:97:49:6a:f5:ad:66:88 (RSA)
I noticed the ssh host key for cvs.gentoo.org changed just now. IMHO such announcement would greatly benefit from a digital signature. Just in case, this is what ssh printed out for me (the new key matches the announcement): $ cvs up @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The RSA host key for cvs.gentoo.org has changed, and the key for the corresponding IP address 148.251.78.52 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 24:3b:2d:3b:47:ca:7e:62:48:97:49:6a:f5:ad:66:88. Please contact your system administrator. Add correct host key in /home/ph/.ssh/known_hosts to get rid of this message. Offending RSA key in /home/ph/.ssh/known_hosts:15 RSA host key for cvs.gentoo.org has changed and you have requested strict checking. Host key verification failed. cvs [update aborted]: end of file from server (consult above messages if any) Paweł
signature.asc
Description: OpenPGP digital signature
