On 7/27/20 8:03 PM, Gaetan Bisson via arch-dev-public wrote:
[2020-07-25 00:18:55 +0200] Baptiste Jonglez:
On 24-07-20, Giancarlo Razzolini via arch-dev-public wrote:
The migration is almost done. Since we are moving to a new machine, it will have new host keys. They are:
Ed25519: SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4 ECDSA: SHA256:5s5cIyReIfNNVGRFdDbe3hdYiI5OelHGpw2rOUud3Q8 RSA: SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI
Can't you just copy the SSH host keys from the old machines?
It's the same service as before and (presumably) the host private keys were not compromised, so there is no reason to change keys.
It's quite unsettling that we seem to be rushing to write a news post while this very reasonable suggestion remains completely ignored.
Nothing "unsettling", about it, the suggestion is not as reasonable as it seems on the surface (because the old box is still in use), but even without that knowledge, given devops clearly didn't do that I don't understand the rationale for refusing a news post after the fact. If you think the old box is out of use and deleted, then the keys would be gone and it would be too late to transfer them.
For future migrations I would greatly appreciate if not all on-disk data were thrown away. On top of SSH keys, there are home directories which contain not only user data but also in some cases things useful for the distro as a whole (such as the service I use to version iana-etc files).
Is there reason to believe that this data was thrown away? We were given warning when soyuz got decommissioned, to backup data before the decommissioning date. And orion is not decommissioned, it is still used for mail at least, so your data there is untouched and still accessible. -- Eli Schwartz Bug Wrangler and Trusted User