Hi all, You may have heard of recent troubles with SSH on Debian machines. Alioth is handled slightly differently than the other boxes, so here's the situation. - A new SSH host key has been generated. Its fingerprint is 99:11:ed:30:03:41:ff:9f:f3:74:bd:7d:e1:8f:04:44 and the known_hosts line reads like this: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxuVlBnTWE9+g5w/uxuk7SmNLEmXPucZz8iE8kE02zaBxPFdlEKJUhUkkf11qkHp9eWVRMro75IRtOJjVLQNmlKjIw+IncqGvj7bvHcAuqYAwNOhuStPnk/W0jwcs52TkNv7MZprRJOrprJGDMSBhovhBNXYYD8kruhQXJRLV9wBWp9p8VrokBbxl/eKXVuvJfyZU20JmKbyLUPdB9vfQQr9o3btwM//A61WL8sFnnu7JfetbFNGmnO+AwIew/QLs/8BOrwk1RwrcuKcs1ULMTgmUK8/QCpM3I9BhLYl/ypxpADiJFSbTRqqzg5xU/UkNQ3NEmXL2G2A2UWLEuUd22Q== root@alioth - A new SSL key has also been generated for HTTPS. Its SHA1 fingerprint is FC:89:CF:26:00:5E:EE:BE:54:35:6E:7A:B6:3E:C3:65:EB:17:8F:38. If you already have the new certificate from SPI, then the Alioth key should already be trusted. - All ~/.ssh/authorized_keys (and authorized_keys2) files have been removed. The data in the database has been wiped too, so they won't be regenerated until you re-submit your key on your account page. - Keys submitted through the web interface are now filtered, and only RSA keys end up in your authorized_keys file. Don't even try putting DSA keys in your authorized_keys2 file, the use of that file has been disabled (and it'll be deleted anyway). - Updated openssh packages have been installed, so blacklisted (known compromised) keys will be rejected by SSH. - If you were previously using an RSA key and you *know* it's been generated securely (not on a Debian or derivative system, or at least two years ago), then *maybe* it's reasonable to re-upload it. In all other cases (and, shall I say, in any case), we highly recommend you regenerate a new RSA key pair. - If you have read and understood all of the above, then you may start logging onto Alioth with SSH keys again. Roland, on behalf of the Alioth team. -- Roland Mas A lesson for you all: never fall in love during a total eclipse. -- Senex, in A Funny Thing Happened on the Way to the Forum
Attachment:
pgpfIWNS3YKfZ.pgp
Description: PGP signature