savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] new vcs server ssh host key fingerprint


From: Mike Miller
Subject: Re: [Savannah-hackers-public] new vcs server ssh host key fingerprint
Date: Fri, 13 Jan 2017 09:07:42 -0800
User-agent: NeoMutt/20161126 (1.7.1)

On Fri, Jan 13, 2017 at 00:40:33 -0700, Bob Proulx wrote:
> Because of the flexibility to be able to switch back and forth while
> working on the various version control systems we went with option 3
> described there.  (And we have used that capability a few times
> already.)  I cloned the old host keys onto the new system.  Therefore
> if you have the hostnames in your known_hosts for the previous system
> you should not get a key change warning using the same hostname on the
> new system.  If your ssh warns on IP address changes that will be the
> only difference.

Maybe, the exact message was

  Warning: the RSA host key for 'hg.sv.gnu.org' differs from the key for the IP
  address '208.118.235.201'

My reflexive response was to run `ssh-keygen -R hg.sv.gnu.org`, log in
again, and verify the fingerprint. My ssh client only displays the
sha256 fingerprint for the ECDSA key, and that's how we ended up here :)

> 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA)
> 256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA)
> 256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519)
> 
> 1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA)
> 256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA)
> 256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519)
> 
> hg.savannah.gnu.org ssh-rsa 
> AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=
> hg.savnnah.gnu.org ecdsa-sha2-nistp256 
> AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA=
> hg.savannah.gnu.org ssh-ed25519 
> AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ
> 
> The RSA key is the same on both servers.  The old server does not have
> the newer ciphers.

Thanks!

> Agreed.  Unfortunately the documentation in general is a garget rich
> environment for improvement.  The documentation is definitely an area
> where anyone could jump in and help significantly.

I've just cloned the wiki repo, I'll try to help if I can.

-- 
mike



reply via email to

[Prev in Thread] Current Thread [Next in Thread]