[Haskell-cafe] Status update on {code, trac, projects, planet, community}.haskell.org

Vincent Hanquez tab at snarc.org
Thu Feb 17 19:54:27 CET 2011

On Thu, Feb 17, 2011 at 07:30:23PM +0100, Henning Thielemann wrote:
> Do you think it is paranoid? Unfortunately it has become quite common to
> ignore SSH warnings because admins often do not care about restoring
> keys when updating the operating system or moving the machine, even not
> telling users that the host key has changed. But if I had  ignored the
> SSH warning on code.haskell.org recently I might have logged in and from
> there maybe to other servers, thus giving my passwords to the attackers.
> I think generally that just deleting a host from known_hosts in response
> to an SSH warning and blindly accepting a new host key is not a fix. Am
> I too afraid?

If sshd has been compromised, so is the original host private key. It would be
kind of pointless (security wise) to restore it on the new server.


More information about the Haskell-Cafe mailing list