Can you do ssh -v to that box and send me the output?
> On Jan 23, 2015, at 8:50 AM, Brett Cannon <[email protected]> wrote: > > I tried updating my checkout this morning and then I was given the warning. > So I deleted the key from my known_hosts file, accepted the new one, but now > I just keep getting my connection rejected: > > remote: Received disconnect from 104.130.43.97: 2: Too many authentication > failures for hg > > abort: no suitable response from remote hg! > > > > This this rejection going to timeout so I can eventually connect, and if so > how long do I need to wait? > > >> On Tue Jan 20 2015 at 11:55:08 AM Donald Stufft <[email protected]> wrote: >> Sending this to python-committers as well for anyone who doesn't keep up with >> python-dev. If you've gotten this message twice now I'm sorry! >> >> Just a heads up that people might see a "REMOTE HOST IDENTIFICATION HAS >> CHANGED!" error when connecting to hg.python.org's SSH (or any other PSF >> machine). The reason for this is that previously we allowed RSA, ECDSA, and >> ED25519 host keys. However ECDSA relies on having an unbiased random number >> generator on every connection and any bias in the random numbers can leak the >> private key. Since these are running on VMs where we don't know for sure what >> the quality is of the random numbers I've disabled the ECDSA host key. >> >> The impact of this is if you had previously connected to a PSF machine, and >> your client had the ECDSA key in your ~/.ssh/known_hosts file, that you'll >> see an error like: >> >> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ >> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! >> Someone could be eavesdropping on you right now (man-in-the-middle >> attack)! >> It is also possible that a host key has just been changed. >> >> The remediation is to remove the ECDSA for the PSF servers from your known >> hosts and connect again and accept either the RSA or the ED25519 key when it >> presents it. >> >> The fingerprints for hg.python.org for both of those keys are: >> >> $ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub >> 2048 a0:12:52:50:4a:4b:db:43:ac:65:26:b6:6f:0a:f7:b8 >> /etc/ssh/ssh_host_rsa_key.pub (RSA) >> $ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub >> 256 1d:02:d1:d2:7b:a1:cb:e0:51:65:25:d7:19:dd:4e:74 >> /etc/ssh/ssh_host_ed25519_key.pub (ED25519) >> >> Sorry for any inconvience this causes! >> >> --- >> Donald Stufft >> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA >> >> _______________________________________________ >> python-committers mailing list >> [email protected] >> https://mail.python.org/mailman/listinfo/python-committers
_______________________________________________ python-committers mailing list [email protected] https://mail.python.org/mailman/listinfo/python-committers
