Am Sa., 1. Aug. 2020 um 09:43 Uhr schrieb Marcin Cieslak <saper@saper.info>:
I have clned the python-jenkins repo few days ago and today I am getting this:
git remote update Fetching upstream @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:RXNl/GKyDaKiIQ93BoDvrNSKUPFvA1PNeAO9QiirYZU. Please contact your system administrator. Update the SSHFP RR in DNS with the new host key to get rid of this message. git remote -v upstream ssh://saperski@review.opendev.org:29418/jjb/python-jenkins (fetch) upstream ssh://saperski@review.opendev.org:29418/jjb/python-jenkins (push)
My cached entries are:
[review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH review.opendev.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjFqbkqLfVKn5vJnKh/LfGGo0gXp/vWlXRs0H91E0X8ce4r8DHLB8PMScHrX/n7c29/DY3FQqSaYsY6o13dFA=
DNS sshfp records:
review.opendev.org. 193 IN CNAME review01.opendev.org. review01.opendev.org. 276 IN SSHFP 1 1 4A38DD28E379EA443F8A722D8330EF41754F0D5E review01.opendev.org. 276 IN SSHFP 1 2 4234515B3D59F8BF7E7095BD881F39DB21B97A15511C4B10B7FD0240 25AD93FC review01.opendev.org. 276 IN SSHFP 3 1 382C41E6FFC60CF1939B292FA62879B1918145D4 review01.opendev.org. 276 IN SSHFP 3 2 52A81E8DD662F92D903199DBC5068280D33D21D3A8E5BD023FAADD47 99AC1DDF review01.opendev.org. 276 IN SSHFP 4 1 DE5FAA47C38E616ECB2CCC4C30C7E3F788C0927A review01.opendev.org. 276 IN SSHFP 4 2 4BE301BEEC8DCC06C1084BEF1DB1D136686022B7026F678D958E548E 4B7D2FC7
Is everything ok?
The SSHFP records document the keys for the SSH daemon listening on port 22 used for administrative access to the server, not the keys used by gerrit. AFAICT there is no way to specify keys for different ports in DNS, so when accessing gerrit via ssh, you will have to disable DNS verification in order to get rid of this warning. For openssh this would mean to set VerifyHostKeyDNS=no (which is also the default, so likely you must have overridden this somewhere), but I do get a similar error to yours if I set the option to "yes". Side note: Please don't clone from review.opendev.org directly but use our git farm at opendev.org for this, the review site should only be used for gerrit things, like submitting patches. At opendev.org we have multiple gitea servers behind a load balancer, allowing us to scale performance as needed, while we have gerrit is only a single instance with limited resources. Yours Jens -- Dr. Jens Harbott E-Mail: j.harbott@x-ion.de x-ion GmbH Marschnerstrasse 52 22081 Hamburg Vertretungsberechtigter Geschäftsführer: Martin Bosner Registergericht: Amtsgericht Hamburg Registernummer: HRB 125049 Ust-IdNr.: DE 265 898 497 Unsere Informationspflichten gemäß Art. 12 ff. Datenschutz-Grundverordnung finden Sie unter: https://www.x-ion.de/de/datenschutz/informationspflichten