review.opendev.org SSH key change?

Mohammed Naser mnaser at vexxhost.com
Sat Aug 1 12:29:26 UTC 2020


Hi Marin,

I did a bit of digging and I'm not sure why you're seeing that message
(perhaps the SSHFP records point to the _system_ SSH keys and not
Gerrit), anyhow:

`ssh-keyscan -p29418 review.opendev.org` matches the key cached in my
system (and yours).  `ssh-keyscan -p29418 review.opendev.org |
ssh-keygen -lf -` matches the fingerprint you're being provided.. have
you updated your SSH client recently?

Thanks
Mohammed

On Sat, Aug 1, 2020 at 3:43 AM Marcin Cieslak <saper at saper.info> wrote:
>
> I have clned the python-jenkins repo few days ago and today I am getting this:
>
> > git remote update
> Fetching upstream
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> SHA256:RXNl/GKyDaKiIQ93BoDvrNSKUPFvA1PNeAO9QiirYZU.
> Please contact your system administrator.
> Update the SSHFP RR in DNS with the new host key to get rid of this message.
> > git remote -v
> upstream        ssh://saperski@review.opendev.org:29418/jjb/python-jenkins (fetch)
> upstream        ssh://saperski@review.opendev.org:29418/jjb/python-jenkins (push)
>
> My cached entries are:
>
> [review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH
> review.opendev.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjjFqbkqLfVKn5vJnKh/LfGGo0gXp/vWlXRs0H91E0X8ce4r8DHLB8PMScHrX/n7c29/DY3FQqSaYsY6o13dFA=
>
> DNS sshfp records:
>
> review.opendev.org.     193     IN      CNAME   review01.opendev.org.
> review01.opendev.org.   276     IN      SSHFP   1 1 4A38DD28E379EA443F8A722D8330EF41754F0D5E
> review01.opendev.org.   276     IN      SSHFP   1 2 4234515B3D59F8BF7E7095BD881F39DB21B97A15511C4B10B7FD0240 25AD93FC
> review01.opendev.org.   276     IN      SSHFP   3 1 382C41E6FFC60CF1939B292FA62879B1918145D4
> review01.opendev.org.   276     IN      SSHFP   3 2 52A81E8DD662F92D903199DBC5068280D33D21D3A8E5BD023FAADD47 99AC1DDF
> review01.opendev.org.   276     IN      SSHFP   4 1 DE5FAA47C38E616ECB2CCC4C30C7E3F788C0927A
> review01.opendev.org.   276     IN      SSHFP   4 2 4BE301BEEC8DCC06C1084BEF1DB1D136686022B7026F678D958E548E 4B7D2FC7
>
> Is everything ok?
>
> Marcin



-- 
Mohammed Naser
VEXXHOST, Inc.



More information about the service-discuss mailing list