IP/key change for gitlab.haskell.org?
An innocent `git push` yielded this today: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ED25519 host key for gitlab.haskell.org has changed, and the key for the corresponding IP address 139.178.85.33 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:/dI7zsBRZNPB+0TqskF7rSaZ/LhQw0cF4c5W+4uMlRo. Please contact your system administrator. Add correct host key in /Users/rae/.ssh/known_hosts to get rid of this message. Offending ED25519 key in /Users/rae/.ssh/known_hosts:21 ED25519 host key for gitlab.haskell.org has changed and you have requested strict checking. Host key verification failed. I know the server had a rough weekend. Is this a natural consequence, or is something fishy going on? Thanks, Richard
Hi Richard,
Ben had pointed out this issue in
https://mail.haskell.org/pipermail/ghc-devs/2020-June/019000.html
On my system I used the command
ssh-keygen -f "/home/simon/.ssh/known_hosts" -R gitlab.haskell.org
to remove the problematic key.
The next `git pull` then included a prompt to add the new key.
Cheers,
Simon
Am Do., 25. Juni 2020 um 12:41 Uhr schrieb Richard Eisenberg
An innocent `git push` yielded this today:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ED25519 host key for gitlab.haskell.org has changed, and the key for the corresponding IP address 139.178.85.33 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:/dI7zsBRZNPB+0TqskF7rSaZ/LhQw0cF4c5W+4uMlRo. Please contact your system administrator. Add correct host key in /Users/rae/.ssh/known_hosts to get rid of this message. Offending ED25519 key in /Users/rae/.ssh/known_hosts:21 ED25519 host key for gitlab.haskell.org has changed and you have requested strict checking. Host key verification failed.
I know the server had a rough weekend. Is this a natural consequence, or is something fishy going on?
Thanks, Richard _______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
On June 25, 2020 6:41:12 AM EDT, Richard Eisenberg
An innocent `git push` yielded this today:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ED25519 host key for gitlab.haskell.org has changed, and the key for the corresponding IP address 139.178.85.33 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:/dI7zsBRZNPB+0TqskF7rSaZ/LhQw0cF4c5W+4uMlRo. Please contact your system administrator. Add correct host key in /Users/rae/.ssh/known_hosts to get rid of this message. Offending ED25519 key in /Users/rae/.ssh/known_hosts:21 ED25519 host key for gitlab.haskell.org has changed and you have requested strict checking. Host key verification failed.
I know the server had a rough weekend. Is this a natural consequence, or is something fishy going on?
Thanks, Richard _______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Yes, as Simon pointed out this is expected. My apologies for the incovenience. Cheers, - Ben
Just in case someone else runs into a similar problem as mine which is related to the SSH key change: Removing the old SSH fingerprint from known_hosts file and then running git resulted in an error for me and the culprit seems to be SSH: $ ssh -vvvT git@gitlab.haskell.org ... debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY Connection reset by 139.178.85.33 port 22 If I manually add gitlab.haskell.org,139.178.85.33 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7ltOZyaULDgxE3Vw6RgQVp+OPKQi79ssUenbhdWy36 to $HOME/.ssh/known_hosts, then SSH works again for me and consequently git also. I retrieved the known_hosts file entry manually via $ ssh-keyscan gitlab.haskell.org >> $HOME/.ssh/known_hosts which interestingly works without any problem. Note, I'm running a stock Fedora 32 without any SSH configuration changes except adding my SSH key. This is still kind of mystic to me and so far I couldn't figure out why this is the case, but at least it solves my problem. Hope this helps in case someone else runs into the same problem. Cheers, Stefan On Thu, Jun 25, 2020 at 11:41:12AM +0100, Richard Eisenberg wrote:
An innocent `git push` yielded this today:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ED25519 host key for gitlab.haskell.org has changed, and the key for the corresponding IP address 139.178.85.33 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:/dI7zsBRZNPB+0TqskF7rSaZ/LhQw0cF4c5W+4uMlRo. Please contact your system administrator. Add correct host key in /Users/rae/.ssh/known_hosts to get rid of this message. Offending ED25519 key in /Users/rae/.ssh/known_hosts:21 ED25519 host key for gitlab.haskell.org has changed and you have requested strict checking. Host key verification failed.
I know the server had a rough weekend. Is this a natural consequence, or is something fishy going on?
Thanks, Richard _______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
participants (4)
-
Ben Gamari -
Richard Eisenberg -
Simon Jakobi -
Stefan Schulze Frielinghaus