| | 1 | |
| | 2 | |
| | 3 | = SSH Host Keys Reset = |
| | 4 | During today's maintenance, the host keys for all outward-facing SSH servers (and possibly some others) were reset. This change was part of a regular security update from the Debian maintainers, related to a recently found bug in the random number generator used to generate the previous host keys. When you log in to ORBIT servers using SSH, you will probably see a message like the following. |
| | 5 | |
| | 6 | {{{ |
| | 7 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ |
| | 8 | @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ |
| | 9 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ |
| | 10 | IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! |
| | 11 | Someone could be eavesdropping on you right now (man-in-the-middle attack)! |
| | 12 | It is also possible that the RSA host key has just been changed. |
| | 13 | }}} |
| | 14 | |
| | 15 | To remedy this problem, you must either remove the lines for ORBIT servers from your {{{.ssh/known_hosts}}} file, or simply remove the {{{known_hosts}}} file and start the process of collecting host keys over again. |
| | 16 | |
| | 17 | We may likewise regenerate self-signed SSL certificates for secure web services, in which case you may get a stern warning from your browser that you will have to click through. |
| | 18 | |
| | 19 | As time allows, we will publish fingerprints for the new host keys. |
