[Haskell-cafe] Status update on {code, trac, projects, planet, community}.haskell.org
Vo Minh Thu
noteed at gmail.com
Thu Feb 17 19:53:42 CET 2011
2011/2/17 Henning Thielemann <lemming at henning-thielemann.de>:
> Duncan Coutts schrieb:
>
>> Several people have asked about the new host key. Yes, there is a new
>> RSA host key for the community server, the fingerprint of which is:
>>
>> 21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7
>>
>> ssh will likely give you a scary warning and you'll need to delete the
>> old entry in your ~/.ssh/known_hosts file. You don't need to enter a new
>> one, just delete the old one. When you next log into the server, ssh
>> will ask you if you're happy with the new key. If you're paranoid, you
>> can double check that it matches the key fingerprint above.
>
> Do you think it is paranoid? Unfortunately it has become quite common to
> ignore SSH warnings because admins often do not care about restoring
> keys when updating the operating system or moving the machine, even not
> telling users that the host key has changed. But if I had ignored the
> SSH warning on code.haskell.org recently I might have logged in and from
> there maybe to other servers, thus giving my passwords to the attackers.
> I think generally that just deleting a host from known_hosts in response
> to an SSH warning and blindly accepting a new host key is not a fix. Am
> I too afraid?
Hi,
Regarding you giving passwords when logging in other marchines, I
think it would not be the case if you only use key authentication from
machines to machines. Your private key can be only on your local
machine and you can use an ssh agent to do log from machines to
machines.
Cheers,
Thu
More information about the Haskell-Cafe
mailing list