IP/key change for gitlab.haskell.org?

Stefan Schulze Frielinghaus ml at stefansf.de
Fri Jun 26 10:13:44 UTC 2020 

Just in case someone else runs into a similar problem as mine which is
related to the SSH key change:

Removing the old SSH fingerprint from known_hosts file and then running
git resulted in an error for me and the culprit seems to be SSH:

$ ssh -vvvT git at gitlab.haskell.org
...
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection reset by 139.178.85.33 port 22

If I manually add

gitlab.haskell.org,139.178.85.33 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7ltOZyaULDgxE3Vw6RgQVp+OPKQi79ssUenbhdWy36

to $HOME/.ssh/known_hosts, then SSH works again for me and consequently
git also.  I retrieved the known_hosts file entry manually via

$ ssh-keyscan gitlab.haskell.org >> $HOME/.ssh/known_hosts

which interestingly works without any problem.  Note, I'm running a
stock Fedora 32 without any SSH configuration changes except adding my
SSH key.  This is still kind of mystic to me and so far I couldn't
figure out why this is the case, but at least it solves my problem.

Hope this helps in case someone else runs into the same problem.

Cheers,
Stefan


On Thu, Jun 25, 2020 at 11:41:12AM +0100, Richard Eisenberg wrote:
> An innocent `git push` yielded this today:
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> The ED25519 host key for gitlab.haskell.org has changed,
> and the key for the corresponding IP address 139.178.85.33
> is unknown. This could either mean that
> DNS SPOOFING is happening or the IP address for the host
> and its host key have changed at the same time.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ED25519 key sent by the remote host is
> SHA256:/dI7zsBRZNPB+0TqskF7rSaZ/LhQw0cF4c5W+4uMlRo.
> Please contact your system administrator.
> Add correct host key in /Users/rae/.ssh/known_hosts to get rid of this message.
> Offending ED25519 key in /Users/rae/.ssh/known_hosts:21
> ED25519 host key for gitlab.haskell.org has changed and you have requested strict checking.
> Host key verification failed.
> 
> I know the server had a rough weekend. Is this a natural consequence, or is something fishy going on?
> 
> Thanks,
> Richard
> _______________________________________________
> ghc-devs mailing list
> ghc-devs at haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs

More information about the ghc-devs mailing list