wiki:News/KeysReset

SSH Host Keys Reset

During today's maintenance, the host keys for all outward-facing SSH servers (and possibly some others) were reset. This change was part of a regular security update from the Debian maintainers, related to a recently found bug in the random number generator used to generate the previous host keys. When you log in to ORBIT servers using SSH, you will probably see a message like the following.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

To remedy this problem, you must either remove the lines for ORBIT servers from your .ssh/known_hosts file, or simply remove the known_hosts file and start the process of collecting host keys over again.

We may likewise regenerate self-signed SSL certificates for secure web services, in which case you may get a stern warning from your browser that you will have to click through.

As time allows, we will publish fingerprints for the new host keys.

Last modified 13 years ago Last modified on May 31, 2008, 8:27:12 PM
Note: See TracWiki for help on using the wiki.