
On Thu, 2011-02-17 at 19:30 +0100, Henning Thielemann wrote:
Duncan Coutts wrote:
Several people have asked about the new host key. Yes, there is a new RSA host key for the community server, the fingerprint of which is:
21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7
ssh will likely give you a scary warning and you'll need to delete the old entry in your ~/.ssh/known_hosts file. You don't need to enter a new one, just delete the old one. When you next log into the server, ssh will ask you if you're happy with the new key. If you're paranoid, you can double check that it matches the key fingerprint above.
Do you think it is paranoid?
Sorry, I didn't mean it literally (or pejoratively).
Unfortunately it has become quite common to ignore SSH warnings because admins often do not care about restoring keys when updating the operating system or moving the machine, without even telling users that the host key has changed. But if I had ignored the SSH warning on code.haskell.org recently I might have logged in and from there maybe to other servers, thus giving my passwords to the attackers. I think generally that just deleting a host from known_hosts in response to an SSH warning and blindly accepting a new host key is not a fix. Am I too afraid?
No, you're quite right. It was these warnings that initially alerted us to the problem.

Duncan
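The procedure in the announcement (remove the old known_hosts entry, reconnect, compare the fingerprint ssh shows against the one posted out of band) is worth doing with the fingerprint computed from the offered key itself rather than from whatever the client prints, since current OpenSSH clients display SHA256 fingerprints by default and a 2011-style colon-separated MD5 value will not match visually without `ssh-keygen -l -E md5`. The following is an added example, not code from the thread or from the Haskell community server. It computes both fingerprint forms from a public-key line, compares them against an announced value, and removes a host's entries (plain or hashed) from a known_hosts file the way `ssh-keygen -R` does. The key blob, host names and known_hosts contents are constructed for the example; the modulus is deliberately tiny and the key is not usable.

```python
import base64
import hashlib
import hmac


# --- OpenSSH public-key wire format helpers -----------------------------------
def _ssh_string(b: bytes) -> bytes:
    return len(b).to_bytes(4, "big") + b


def _ssh_mpint(n: int) -> bytes:
    # mpint: big-endian, with an extra leading 0x00 when the high bit is set
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: MD5 of the raw key blob, colon-separated hex.
    This is the form in the announcement (`ssh-keygen -l -E md5`)."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def fingerprint_sha256(blob: bytes) -> str:
    """Current OpenSSH default: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def key_blob(line: str) -> bytes:
    """Decode the key from a known_hosts line: [@marker] hosts keytype base64 [comment]."""
    f = line.split()
    if f and f[0].startswith("@"):        # @cert-authority / @revoked marker
        f = f[1:]
    return base64.b64decode(f[2])


def fingerprint_matches(announced: str, line: str) -> bool:
    """Compare an out-of-band fingerprint (MD5 colon form or SHA256:...) against
    the key actually offered, tolerating case and an optional 'MD5:' prefix."""
    blob = key_blob(line)
    a = announced.strip()
    if a.startswith("SHA256:"):
        return hmac.compare_digest(fingerprint_sha256(blob), a)
    if a.lower().startswith("md5:"):
        a = a[4:]
    return hmac.compare_digest(fingerprint_md5(blob), a.lower())


# --- known_hosts handling -----------------------------------------------------
def hashed_host_entry(host: str, salt: bytes) -> str:
    """The '|1|salt|hash' host field ssh writes when HashKnownHosts is on:
    hash = HMAC-SHA1(salt, host), both base64."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def entry_matches_host(hosts_field: str, host: str) -> bool:
    if hosts_field.startswith("|1|"):
        parts = hosts_field.split("|")
        if len(parts) != 4:
            return False
        salt = base64.b64decode(parts[2])
        return hmac.compare_digest(hashed_host_entry(host, salt), hosts_field)
    return host in hosts_field.split(",")


def remove_host(known_hosts: str, host: str) -> str:
    """Drop every entry for `host` (plain or hashed) and keep everything else as-is.
    Do this only after the new fingerprint has been verified out of band; deleting
    blindly and accepting whatever is offered next just re-trusts the unknown party."""
    kept = []
    for line in known_hosts.splitlines():
        f = line.split()
        hosts_field = f[1] if f and f[0].startswith("@") else (f[0] if f else "")
        if line.strip() and not line.startswith("#") and entry_matches_host(hosts_field, host):
            continue
        kept.append(line)
    return "\n".join(kept) + ("\n" if known_hosts.endswith("\n") else "")


# --- constructed sample data (not a real key; modulus is tiny on purpose) -------
EXAMPLE_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(0xC0FFEE0DDF00D)
EXAMPLE_KEY = "ssh-rsa " + base64.b64encode(EXAMPLE_BLOB).decode()
EXAMPLE_KEY_LINE = "code.haskell.org " + EXAMPLE_KEY
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real known_hosts file",
    "other.example.org " + EXAMPLE_KEY,
    "code.haskell.org,192.0.2.10 " + EXAMPLE_KEY,
    hashed_host_entry("code.haskell.org", b"\x00" * 20) + " " + EXAMPLE_KEY,
]) + "\n"


if __name__ == "__main__":
    announced = fingerprint_md5(EXAMPLE_BLOB)   # stands in for the value posted to the list
    print("offered key MD5 fingerprint:   ", announced)
    print("offered key SHA256 fingerprint:", fingerprint_sha256(EXAMPLE_BLOB))
    print("matches announcement:", fingerprint_matches(announced, EXAMPLE_KEY_LINE))
    print(remove_host(SAMPLE_KNOWN_HOSTS, "code.haskell.org"), end="")
```

On a real host the line to feed into `fingerprint_matches` comes from `ssh-keyscan -t rsa host`, or from the server's own `/etc/ssh/ssh_host_rsa_key.pub` reached over a channel you already trust; the announced value must arrive by a path independent of the SSH connection being verified, which is the whole point of the check.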