Re: new host key?: Re: compromise of gluck.debian.org, lock down of other debian.org machines

[Brian May <bam@debian.org>]

>>>>> "Osamu" == Osamu Aoki <osamu@debian.org> writes:

    Osamu> Hi, Are you sure it is Debian gluck issue?

It was working fine all the time up and until the compromise of
gluck.debian.org.

I haven't made any changes to the software on this computer, except to
install the odd security fix.

(I don't think any security fixes recently were for ssh either).

So, from my point of view, it would appear to be a gluck problem.

Hmmm. but it works fine from my Etch system.

So maybe something has changed on gluck to break connections from ssh
in sarge?????

(note: I am using ssh-krb5 - not that should matter - it authenticated
OK).

This is weird. Maybe I will need to experiment more.

    Osamu> It looks like gluck's new SSH uses new host identification.

    Osamu> I got following message when I connected with ssh -v ...
    Osamu> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Osamu> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
    Osamu> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Osamu> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

    Osamu> After removing old entries from ~/.ssh/known_hosts, I can
    Osamu> update host key and login.

Yes, I got that.

    Osamu> PS: It would have been nicer if old hosk identification was
    Osamu> backuped and used in new system.

They may have been concerned that the old host identification had been
compromised, if so, changing it is the only thing they could do.
-- 
Brian May <bam@debian.org>