On Sat, 2020-07-25 at 00:18 +0200, Baptiste Jonglez wrote:
> Can't you just copy the SSH host keys from the old machines?
> It's the same service as before and (presumably) the host private keys were not compromised, so there is no reason to change keys.

I'm on the same page as Baptiste here, but even if you change the host keys I think an announcement on the Arch blog would be good, because this is the message people get right now:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for aur.archlinux.org has changed,
and the key for the corresponding IP address 2a01:4f9:c010:50::1
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI.
Please contact your system administrator.
Add correct host key in /home/xengi/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/xengi/.ssh/known_hosts:154
ECDSA host key for aur.archlinux.org has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Many people will be pretty scared by it and there is no announcement to calm them down.

--
Greetings
Ricardo Band
https://www.ricardo.band
mailto://email@ricardo.band
xmpp://jabber@ricardo.band