[Haskell-cafe] Status update on {code, trac, projects, planet, community}.haskell.org

Henning Thielemann lemming at henning-thielemann.de
Thu Feb 17 19:30:23 CET 2011


Duncan Coutts wrote:

> Several people have asked about the new host key. Yes, there is a new
> RSA host key for the community server, the fingerprint of which is:
> 
> 21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7
> 
> ssh will likely give you a scary warning and you'll need to delete the
> old entry in your ~/.ssh/known_hosts file. You don't need to enter a new
> one, just delete the old one. When you next log into the server, ssh
> will ask you if you're happy with the new key. If you're paranoid, you
> can double check that it matches the key fingerprint above.

Do you think it is paranoid? Unfortunately it has become quite common to
ignore SSH warnings because admins often do not care about restoring
keys when updating the operating system or moving the machine, not even
telling users that the host key has changed. But if I had ignored the
SSH warning on code.haskell.org recently I might have logged in and from
there maybe to other servers, thus giving my passwords to the attackers.
I think generally that just deleting a host from known_hosts in response
to an SSH warning and blindly accepting a new host key is not a fix. Am
I too afraid?
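
The check discussed in this message, as an added example that is not part of the original post: compute the colon-separated MD5 fingerprint of the key a server offers (a `known_hosts` or `ssh-keyscan` style line) and compare it with the fingerprint announced on the list. The function names and the sample key are assumptions made for illustration; the sample key is constructed and is not the real server key.

```python
import base64
import hashlib
import struct

# Fingerprint announced on the list (from the quoted message above).
PUBLISHED_FP = "21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7"


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def key_blob(line: str) -> bytes:
    """Extract and decode the key blob from a 'host keytype base64' line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with its own copy of the key type; they must agree.
            if not blob.startswith(_ssh_string(field.encode())):
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no public key found in line")


def md5_fingerprint(line: str) -> str:
    """Colon-separated MD5 fingerprint, the format quoted in the announcement."""
    digest = hashlib.md5(key_blob(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def matches_published(line: str, published: str = PUBLISHED_FP) -> bool:
    """True only if the offered key hashes to the out-of-band fingerprint."""
    return md5_fingerprint(line) == published.strip().lower()


# Constructed sample key (not the real server key): type, exponent 65537, dummy modulus.
_blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_LINE = "host.example ssh-rsa " + base64.b64encode(_blob).decode()

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_LINE))
    print("matches announcement:", matches_published(SAMPLE_LINE))
```

A mismatch, as with the constructed key here, is the case where the new key should not be accepted until the fingerprint has been confirmed through a separate channel.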


