[aur-general] [arch-dev-public] AUR migration

Henry-Joseph Audéoud h.audeoud+arch at gmail.com
Tue Jul 28 08:29:51 UTC 2020

On 28/07/2020 02:43, Gaetan Bisson via arch-dev-public wrote:
> [2020-07-27 21:10:23 -0300] Giancarlo Razzolini:
>> Em julho 27, 2020 21:03 Gaetan Bisson escreveu:
>>> It's quite unsettling that we seem to be rushing to write a news post
>>> while this very reasonable suggestion remains completely ignored.
>> It wasn't ignored. They keys were deliberately changed in the process.
> Why? Baptiste rightly points out "it's the same service as before and
> (presumably) the host private keys were not compromised, so there is no
> reason to change keys." Yet his message remains unanswered...

Luna is a host, AUR is a service.

With HTTPS, one can configure the host to provide the *service* 
server-side certificate depending on the "Host:" header.  E. g., appolo 
providing a certificate dedicated to the archlinux wiki service, even 
though it may host many other services.

Here, with SSH, the service requested is deduced from the login: 
"aur@…".  I do not know any configuration option to change the SSH host 
key depending on the login (service) requested by the client.

So, with SSH, the host key is the same as the service key.  If the key 
of the AUR service (so the key of luna itself) is migrated to the new 
server, luna and the new server will share the same host key.

Do you really want both servers have the same key?

Henry-Joseph Audéoud

More information about the aur-general mailing list