« Return to Thread: Alioth and SSH: restored
Alioth and SSH: restored
by Roland Mas
::
Rate this Message:
Hi all,
You may have heard of recent troubles with SSH on Debian machines.
Alioth is handled slightly differently than the other boxes, so here's
the situation.
- A new SSH host key has been generated. Its fingerprint is
99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44 and the known_hosts
line reads like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxuVlBnTWE9+g5w/uxuk7SmNLEmXPucZz8iE8kE02zaBxPFdlEKJUhUkkf11qkHp9eWVRMro75IRtOJjVLQNmlKjIw+IncqGvj7bvHcAuqYAwNOhuStPnk/W0jwcs52TkNv7MZprRJOrprJGDMSBhovhBNXYYD8kruhQXJRLV9wBWp9p8VrokBbxl/eKXVuvJfyZU20JmKbyLUPdB9vfQQr9o3btwM//A61WL8sFnnu7JfetbFNGmnO+AwIew/QLs/8BOrwk1RwrcuKcs1ULMTgmUK8/QCpM3I9BhLYl/ypxpADiJFSbTRqqzg5xU/UkNQ3NEmXL2G2A2UWLEuUd22Q== root@alioth
- A new SSL key has also been generated for HTTPS. Its SHA1
fingerprint is
FC:89:CF:26:00:5E:EE:BE:54:35:6E:7A:B6:3E:C3:65:EB:17:8F:38. If you
already have the new certificate from SPI, then the Alioth key
should already be trusted.
- All ~/.ssh/authorized_keys (and authorized_keys2) files have been
removed. The data in the database has been wiped too, so they won't
be regenerated until you re-submit your key on your account page.
- Keys submitted through the web interface are now filtered, and only
RSA keys end up in your authorized_keys file. Don't even try
putting DSA keys in your authorized_keys2 file, the use of that file
has been disabled (and it'll be deleted anyway).
- Updated openssh packages have been installed, so blacklisted (known
compromised) keys will be rejected by SSH.
- If you were previously using an RSA key and you *know* it's been
generated securely (not on a Debian or derivative system, or at
least two years ago), then *maybe* it's reasonable to re-upload it.
In all other cases (and, shall I say, in any case), we highly
recommend you regenerate a new RSA key pair.
- If you have read and understood all of the above, then you may start
logging onto Alioth with SSH keys again.
Roland,
on behalf of the Alioth team.
--
Roland Mas
A lesson for you all: never fall in love during a total eclipse.
-- Senex, in A Funny Thing Happened on the Way to the Forum
You may have heard of recent troubles with SSH on Debian machines.
Alioth is handled slightly differently than the other boxes, so here's
the situation.
- A new SSH host key has been generated. Its fingerprint is
99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44 and the known_hosts
line reads like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxuVlBnTWE9+g5w/uxuk7SmNLEmXPucZz8iE8kE02zaBxPFdlEKJUhUkkf11qkHp9eWVRMro75IRtOJjVLQNmlKjIw+IncqGvj7bvHcAuqYAwNOhuStPnk/W0jwcs52TkNv7MZprRJOrprJGDMSBhovhBNXYYD8kruhQXJRLV9wBWp9p8VrokBbxl/eKXVuvJfyZU20JmKbyLUPdB9vfQQr9o3btwM//A61WL8sFnnu7JfetbFNGmnO+AwIew/QLs/8BOrwk1RwrcuKcs1ULMTgmUK8/QCpM3I9BhLYl/ypxpADiJFSbTRqqzg5xU/UkNQ3NEmXL2G2A2UWLEuUd22Q== root@alioth
- A new SSL key has also been generated for HTTPS. Its SHA1
fingerprint is
FC:89:CF:26:00:5E:EE:BE:54:35:6E:7A:B6:3E:C3:65:EB:17:8F:38. If you
already have the new certificate from SPI, then the Alioth key
should already be trusted.
- All ~/.ssh/authorized_keys (and authorized_keys2) files have been
removed. The data in the database has been wiped too, so they won't
be regenerated until you re-submit your key on your account page.
- Keys submitted through the web interface are now filtered, and only
RSA keys end up in your authorized_keys file. Don't even try
putting DSA keys in your authorized_keys2 file, the use of that file
has been disabled (and it'll be deleted anyway).
- Updated openssh packages have been installed, so blacklisted (known
compromised) keys will be rejected by SSH.
- If you were previously using an RSA key and you *know* it's been
generated securely (not on a Debian or derivative system, or at
least two years ago), then *maybe* it's reasonable to re-upload it.
In all other cases (and, shall I say, in any case), we highly
recommend you regenerate a new RSA key pair.
- If you have read and understood all of the above, then you may start
logging onto Alioth with SSH keys again.
Roland,
on behalf of the Alioth team.
--
Roland Mas
A lesson for you all: never fall in love during a total eclipse.
-- Senex, in A Funny Thing Happened on the Way to the Forum
attachment0 (266 bytes) « Return to Thread: Alioth and SSH: restored
| Free Forum Powered by Nabble | Forum Help |
