Trac SSH key change
68 views
Skip to first unread message
Antoine Leudière
Aug 30, 2022, 5:41:05 AM8/30/22
to sage-devel
Hi,
It seems the Trac SSH server key has changed; got this message after attempting
`git push`:
```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:...
Please contact your system administrator.
Add correct host key in myhome/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in myhome/.ssh/known_hosts:34
remove with:
ssh-keygen -f "myhome/.ssh/known_hosts" -R "trac.sagemath.org"
Host key for trac.sagemath.org has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
Can you confirm that this is normal, and that I can proceed? Is this related to
https://groups.google.com/u/1/g/sage-devel/c/iHgyTYbNOn0 ?
Regards,
Antoine Leudière
It seems the Trac SSH server key has changed; got this message after attempting
`git push`:
```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:...
Please contact your system administrator.
Add correct host key in myhome/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in myhome/.ssh/known_hosts:34
remove with:
ssh-keygen -f "myhome/.ssh/known_hosts" -R "trac.sagemath.org"
Host key for trac.sagemath.org has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
Can you confirm that this is normal, and that I can proceed? Is this related to
https://groups.google.com/u/1/g/sage-devel/c/iHgyTYbNOn0 ?
Regards,
Antoine Leudière
Dima Pasechnik
Aug 30, 2022, 5:43:53 AM8/30/22
to sage-devel
yes, it is expected. The upgrade caused a change in host keys.
Regards,
Antoine Leudière
--
You received this message because you are subscribed to the Google Groups "sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/13479c23-6f18-4e8b-900d-24422acbaae6n%40googlegroups.com.
Jan Groenewald
Aug 30, 2022, 6:18:41 AM8/30/22
to sage-...@googlegroups.com
Hi
The new key fingerprints are:
root@trac:/etc/ssh# for i in dsa ecdsa ed25519 rsa;do ssh-keygen -lf ssh_host_${i}_key.pub;done
1024 SHA256:OcDDAITkg6PYce8VfnQJDPU+c84Uv2oy5wghE28XZD4 root@trac (DSA)
256 SHA256:29lzUeszegCYCnVMOJ+Ts/IlCwojLuf03NnVoLlONEs root@trac (ECDSA)
256 SHA256:hWfFCmt2bNQNjHupWnvu2iuvBeCMjqD2osowXpRPwMs root@trac (ED25519)
2048 SHA256:S9jrXdoHRX6eTb8DdctCoOy6DSqSRKm43Zn5u0zeRCg root@trac (RSA)
1024 SHA256:OcDDAITkg6PYce8VfnQJDPU+c84Uv2oy5wghE28XZD4 root@trac (DSA)
256 SHA256:29lzUeszegCYCnVMOJ+Ts/IlCwojLuf03NnVoLlONEs root@trac (ECDSA)
256 SHA256:hWfFCmt2bNQNjHupWnvu2iuvBeCMjqD2osowXpRPwMs root@trac (ED25519)
2048 SHA256:S9jrXdoHRX6eTb8DdctCoOy6DSqSRKm43Zn5u0zeRCg root@trac (RSA)
Regards,
Jan
To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/CAAWYfq3AkhQwG_Y6WZnHEq-Mnf2w2iMwQrt54x0nhhQazbGsMQ%40mail.gmail.com.
--
.~.
/V\ Jan Groenewald
/( )\ www.aims.ac.za
^^-^^
/V\ Jan Groenewald
/( )\ www.aims.ac.za
^^-^^
Antoine Leudière
Aug 30, 2022, 7:25:30 AM8/30/22
to sage-devel
Thanks a lot.
A.
Jan Groenewald
Aug 31, 2022, 3:19:39 PM8/31/22
to sage-...@googlegroups.com
For what it is worth, this seems to be when/why the host keys changed:
root@trac:~# grep -B1 \ google-compute-engine$ /var/log/apt/history.log
Start-Date: 2022-08-28 11:13:16
Commandline: apt install google-compute-engine
root@trac:~# journalctl |grep Instance\ ID
Aug 28 11:13:18 trac google_guest_agent[30286]: Instance ID changed, running first-boot actions
root@trac:~# ls -l /etc/ssh/ssh_host_ecdsa_key*
-rw------- 1 root root 227 Aug 28 11:13 /etc/ssh/ssh_host_ecdsa_key
-rw-r--r-- 1 root root 171 Aug 28 11:13 /etc/ssh/ssh_host_ecdsa_key.pub
Start-Date: 2022-08-28 11:13:16
Commandline: apt install google-compute-engine
root@trac:~# journalctl |grep Instance\ ID
Aug 28 11:13:18 trac google_guest_agent[30286]: Instance ID changed, running first-boot actions
root@trac:~# ls -l /etc/ssh/ssh_host_ecdsa_key*
-rw------- 1 root root 227 Aug 28 11:13 /etc/ssh/ssh_host_ecdsa_key
-rw-r--r-- 1 root root 171 Aug 28 11:13 /etc/ssh/ssh_host_ecdsa_key.pub
I installed google-compute-engine after the OS upgrade because:
root@trac:~# apt-cache show google-compute-engine|grep Replace
Replaces: gce-cloud-config, gce-compute-image-packages (<< 20191115), gce-daemon, gce-startup-scripts
Replaces: gce-cloud-config, gce-compute-image-packages (<< 20191115), gce-daemon, gce-startup-scripts
(Wasn't expecting a host key change though, my apologies)
Regards,
Jan
Reply all
Reply to author
Forward
0 new messages