On Thu, 2011-02-17 at 19:30 +0100, Henning Thielemann wrote:
> Duncan Coutts wrote:
>
> > Several people have asked about the new host key. Yes, there is a new
> > RSA host key for the community server, the fingerprint of which is:
> >
> > 21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7
> >
> > ssh will likely give you a scary warning and you'll need to delete the
> > old entry in your ~/.ssh/known_hosts file. You don't need to enter a new
> > one, just delete the old one. When you next log into the server, ssh
> > will ask you if you're happy with the new key. If you're paranoid, you
> > can double check that it matches the key fingerprint above.
>
> Do you think it is paranoid?

Sorry, I didn't mean it literally (or pejoratively).

> Unfortunately it has become quite common to ignore SSH warnings
> because admins often do not care about restoring keys when updating
> the operating system or moving the machine, even not telling users
> that the host key has changed. But if I had ignored the SSH warning
> on code.haskell.org recently I might have logged in and from there
> maybe to other servers, thus giving my passwords to the attackers. I
> think generally that just deleting a host from known_hosts in response
> to an SSH warning and blindly accepting a new host key is not a fix. Am
> I too afraid?

No, you're quite right. It was these warnings that initially alerted us
to the problem.

Duncan
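
The check discussed in this thread, as an added example that is not part of the original messages: the presented key is compared against the announced fingerprint first, and the known_hosts entry is replaced only on a match. The function names are hypothetical, and using code.haskell.org as the host is an assumption taken from Henning's message.

```sh
#!/bin/sh
# Added example (not from the thread): replace a changed host key only after
# its fingerprint matches one obtained out of band.

# Fingerprint from the announcement quoted above (MD5, colon-separated hex).
PUBLISHED_FP='21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7'

# Print the MD5 colon-hex fingerprint of one "host keytype base64blob" line,
# which is the layout ssh-keyscan emits.
md5_fingerprint() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d | md5sum |
        cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Return 0 only if the key line hashes to the expected fingerprint
# (hex case in the expected value is ignored).
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    actual=$(md5_fingerprint "$2")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Fetch the host's RSA key, verify it, and only then swap the known_hosts
# entry. On a mismatch the old entry is left in place, so ssh keeps warning.
replace_host_key() {
    host=$1; expected=$2
    line=$(ssh-keyscan -t rsa "$host" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo "no RSA key returned by $host" >&2; return 2
    fi
    if ! fingerprint_matches "$expected" "$line"; then
        echo "MISMATCH for $host: got $(md5_fingerprint "$line"), not trusting it" >&2
        return 1
    fi
    ssh-keygen -R "$host" >/dev/null 2>&1
    printf '%s\n' "$line" >> "$HOME/.ssh/known_hosts"
    echo "known_hosts updated for $host"
}

# Usage (host name is an assumption, see the lead-in):
#   replace_host_key code.haskell.org "$PUBLISHED_FP"
```

Current OpenSSH prints SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <keyfile>` prints the colon-separated MD5 form used in the announcement.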