[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] new vcs server ssh host key fingerprint
From: |
Mike Miller |
Subject: |
Re: [Savannah-hackers-public] new vcs server ssh host key fingerprint |
Date: |
Fri, 13 Jan 2017 09:07:42 -0800 |
User-agent: |
NeoMutt/20161126 (1.7.1) |
On Fri, Jan 13, 2017 at 00:40:33 -0700, Bob Proulx wrote:
> Because of the flexibility to be able to switch back and forth while
> working on the various version control systems we went with option 3
> described there. (And we have used that capability a few times
> already.) I cloned the old host keys onto the new system. Therefore
> if you have the hostnames in your known_hosts for the previous system
> you should not get a key change warning using the same hostname on the
> new system. If your ssh warns on IP address changes that will be the
> only difference.
Maybe, the exact message was
Warning: the RSA host key for 'hg.sv.gnu.org' differs from the key for the IP
address '208.118.235.201'
My reflexive response was to run `ssh-keygen -R hg.sv.gnu.org`, log in
again, and verify the fingerprint. My ssh client only displays the
sha256 fingerprint for the ECDSA key, and that's how we ended up here :)
> 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA)
> 256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA)
> 256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519)
>
> 1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA)
> 256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA)
> 256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519)
>
> hg.savannah.gnu.org ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=
> hg.savnnah.gnu.org ecdsa-sha2-nistp256
> AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA=
> hg.savannah.gnu.org ssh-ed25519
> AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ
>
> The RSA key is the same on both servers. The old server does not have
> the newer ciphers.
Thanks!
> Agreed. Unfortunately the documentation in general is a garget rich
> environment for improvement. The documentation is definitely an area
> where anyone could jump in and help significantly.
I've just cloned the wiki repo, I'll try to help if I can.
--
mike