savannah-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] git.sv.gnu.org ssh host key

From: Bob Proulx
Subject: Re: [Savannah-users] git.sv.gnu.org ssh host key
Date: Mon, 13 Feb 2017 12:59:33 -0700
User-agent: NeoMutt/20170113 (1.7.2) 
Hello ayleph,

ayleph wrote:
> When trying to pull from a git repo hosted at git.sv.gnu.org, I receive
> a message that the host key has changed.

Yes.  We have been in a long migration period we we move services from
the old servers onto new ones.  Probably the best place to see the
announcements is on the Savannah web page.  Here are the recent news
postings there.

  https://savannah.gnu.org/news/
  http://lists.gnu.org/archive/html/savannah-users/

Specifically you are probably interested in this announcement of git
having been moved to the new server and it including an IP address
change.

  https://savannah.gnu.org/forum/forum.php?forum_id=8749

I am loath to include posting an IP address since the IP address might
change again in the future.  I am hoping that it will.  We do not have
a "floating IP" to move with the servers and must make DNS changes to
change the address.  Checking the IP address is a TOFU (Trust On First
Use) measure but one that I think is not appropriate.

What is important is the host key.  The SSH RSA host key was
intentionally preserved at this time and has not changed.  However it
is a very old key, and short by current standards, and will need to be
lengthened in the near future.

After previous discussion we decided to preserve the old host key
throughout the migration such that we could flip back to the previous
server as needed.  This way users with the previous key in their known
hosts file (TOFU) will not see a change to the host key.  Plus with
all of the announcements and discussion if users do notice the IP
address change then hopefully they will realize it is part of the
migration to the new servers.

> If this is a legitimate change, can someone update the "Verifying
> host fingerpints" section on the SshAccess page below with the new
> key?
> 
> https://savannah.gnu.org/maintenance/SshAccess/

The top half of that document is pretty good.  Looking at the bottom
half of that document makes me sad.  There is so much work that needs
to be done to make it current.  Much of the documentation on Savannah
is in need of much work.  Perhaps making updates to the docs is
something you or other volunteers would be interested in doing?

Bob
reply via email to
[Prev in Thread] Current Thread [Next in Thread]