[aur-general] [arch-dev-public] AUR migration

Ricardo Band email at ricardo.band
Mon Jul 27 08:51:46 UTC 2020 

On Sat, 2020-07-25 at 00:18 +0200, Baptiste Jonglez wrote:
> Can't you just copy the SSH host keys from the old machines?
> 
> It's the same service as before and (presumably) the host private
> keys
> were not compromised, so there is no reason to change keys.
> 

I'm on the same page as Baptiste here.
but even if you change the host keys I think an announcement on the
Arch blog would be good. Because this is the message people get right
now:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for aur.archlinux.org has changed,
and the key for the corresponding IP address 2a01:4f9:c010:50::1
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI.
Please contact your system administrator.
Add correct host key in /home/xengi/.ssh/known_hosts to get rid of this
message.
Offending ECDSA key in /home/xengi/.ssh/known_hosts:154
ECDSA host key for aur.archlinux.org has changed and you have requested
strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.


Many poeple will be pretty scared by it and there is no announcement to
calm them down.

-- 

Greetings

Ricardo Band

 https://   www.ricardo.band
mailto:// email at ricardo.band
  xmpp://jabber@ricardo.band
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20200727/49fe5526/attachment.sig>

More information about the aur-general mailing list