[Haskell-cafe] Status update on {code, trac, projects, planet, community}.haskell.org

Duncan Coutts duncan.coutts at googlemail.com
Fri Feb 18 12:36:35 CET 2011


On Thu, 2011-02-17 at 19:30 +0100, Henning Thielemann wrote:
> Duncan Coutts wrote:
> 
> > Several people have asked about the new host key. Yes, there is a new
> > RSA host key for the community server, the fingerprint of which is:
> > 
> > 21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7
> > 
> > ssh will likely give you a scary warning and you'll need to delete the
> > old entry in your ~/.ssh/known_hosts file. You don't need to enter a new
> > one, just delete the old one. When you next log into the server, ssh
> > will ask you if you're happy with the new key. If you're paranoid, you
> > can double check that it matches the key fingerprint above.
> 
> Do you think it is paranoid?

Sorry, I didn't mean it literally (or pejoratively).

> Unfortunately it has become quite common to ignore SSH warnings
> because admins often do not care about restoring keys when updating
> the operating system or moving the machine, not even telling users
> that the host key has changed. But if I had ignored the SSH warning
> on code.haskell.org recently I might have logged in and from there
> maybe to other servers, thus giving my passwords to the attackers. I
> think generally that just deleting a host from known_hosts in response
> to an SSH warning and blindly accepting a new host key is not a fix. Am
> I too afraid?

No, you're quite right. It was these warnings that initially alerted us
to the problem.

Duncan
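
The fingerprint check discussed in this thread, as an added example that is not part of the original message: it computes the legacy MD5 colon-hex fingerprint (the format quoted in the announcement) and the SHA256 form from a known_hosts, ssh-keyscan or .pub line, and compares it with a fingerprint obtained out of band. The helper names and the sample key are constructed for illustration; the sample is not the server's real key.

```python
import base64
import hashlib
import hmac

PUBLISHED_MD5 = "21:b8:59:ff:39:69:58:7a:51:ef:c1:d8:c6:24:6e:f7"  # from the announcement


def key_blob(line):
    """Extract the raw key blob from a known_hosts, ssh-keyscan or .pub line."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64, so not the key field
            continue
        # The blob starts with a length-prefixed copy of the key type.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == key_type.encode():
            return blob
    raise ValueError("no SSH public key found in line")


def fingerprints(line):
    """Return (legacy MD5 colon-hex, 'SHA256:...') fingerprints of the key."""
    blob = key_blob(line)
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha


def matches_published(line, published):
    """True only if the key's fingerprint equals the out-of-band one."""
    md5_fp, sha_fp = fingerprints(line)
    published = published.strip()
    if published.startswith("SHA256:"):
        return hmac.compare_digest(sha_fp, published)
    if published.upper().startswith("MD5:"):
        published = published[4:]
    return hmac.compare_digest(md5_fp, published.lower())


def _ssh_string(data):
    return len(data).to_bytes(4, "big") + data


# Constructed sample key (NOT the server's real key), in known_hosts form.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(1, 129))))
SAMPLE_LINE = "host.example ssh-rsa %s constructed" % base64.b64encode(SAMPLE_BLOB).decode()
```

Current OpenSSH clients print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <file>` prints the MD5 form for comparison with an announcement like the one above.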



