Alioth and SSH: restored

by Roland Mas

  Hi all,

You may have heard of recent troubles with SSH on Debian machines.
Alioth is handled slightly differently than the other boxes, so here's
the situation.

- A new SSH host key has been generated.  Its fingerprint is
  99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44 and the known_hosts
  line reads like this:

  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxuVlBnTWE9+g5w/uxuk7SmNLEmXPucZz8iE8kE02zaBxPFdlEKJUhUkkf11qkHp9eWVRMro75IRtOJjVLQNmlKjIw+IncqGvj7bvHcAuqYAwNOhuStPnk/W0jwcs52TkNv7MZprRJOrprJGDMSBhovhBNXYYD8kruhQXJRLV9wBWp9p8VrokBbxl/eKXVuvJfyZU20JmKbyLUPdB9vfQQr9o3btwM//A61WL8sFnnu7JfetbFNGmnO+AwIew/QLs/8BOrwk1RwrcuKcs1ULMTgmUK8/QCpM3I9BhLYl/ypxpADiJFSbTRqqzg5xU/UkNQ3NEmXL2G2A2UWLEuUd22Q== root@alioth

- A new SSL key has also been generated for HTTPS.  Its SHA1
  fingerprint is
  FC:89:CF:26:00:5E:EE:BE:54:35:6E:7A:B6:3E:C3:65:EB:17:8F:38.  If you
  already have the new certificate from SPI, then the Alioth key
  should already be trusted.

- All ~/.ssh/authorized_keys (and authorized_keys2) files have been
  removed.  The data in the database has been wiped too, so they won't
  be regenerated until you re-submit your key on your account page.

- Keys submitted through the web interface are now filtered, and only
  RSA keys end up in your authorized_keys file.  Don't even try
  putting DSA keys in your authorized_keys2 file, the use of that file
  has been disabled (and it'll be deleted anyway).

- Updated openssh packages have been installed, so blacklisted (known
  compromised) keys will be rejected by SSH.

- If you were previously using an RSA key and you *know* it's been
  generated securely (not on a Debian or derivative system, or at
  least two years ago), then *maybe* it's reasonable to re-upload it.
  In all other cases (and, shall I say, in any case), we highly
  recommend you regenerate a new RSA key pair.

- If you have read and understood all of the above, then you may start
  logging onto Alioth with SSH keys again.

Roland,
on behalf of the Alioth team.
--
Roland Mas

A lesson for you all: never fall in love during a total eclipse.
  -- Senex, in A Funny Thing Happened on the Way to the Forum
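
An added example, not part of the original message: one way to check that a public key line hashes to an announced colon-separated MD5 fingerprint (the format quoted above) before trusting it in known_hosts. The function names and the tiny sample key are constructed for illustration; the code also accepts a full known_hosts entry with a leading host field, which goes slightly beyond the line shown in the message.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line: str):
    """Parse '[host] <type> <base64> [comment]' and return (type, raw blob)."""
    fields = line.split()
    if fields and not fields[0].startswith("ssh-"):
        fields = fields[1:]  # full known_hosts entry: drop the host pattern
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob starts with its own key type; it must agree with the text prefix.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type in blob does not match the line prefix")
    return key_type, blob

def md5_fingerprint(blob: bytes) -> str:
    """Legacy fingerprint: MD5 of the raw blob as 16 colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def matches_announced(line: str, announced: str) -> bool:
    """True only if the key on this line hashes to the announced fingerprint."""
    _, blob = parse_pubkey_line(line)
    return md5_fingerprint(blob) == announced.strip().lower()

# Constructed sample (a toy blob, not a usable key): type, exponent, modulus.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x23")
               + _ssh_string(b"\x00\xc3\xa5\x5a\x3c"))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@example"

if __name__ == "__main__":
    # Stand-in for a fingerprint received through a separate, trusted channel.
    announced = md5_fingerprint(SAMPLE_BLOB)
    print(announced, matches_announced(SAMPLE_LINE, announced))
```

To use it on a real announcement, pass the published key line and the published fingerprint to `matches_announced`; a `False` result or a `ValueError` means the line should not be added to known_hosts.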
