Mailing List Archive: Wikipedia: Wikitech

SVN server host key has changed

Index | Next | Previous | View Threaded

brion at wikimedia

May 13, 2008, 11:42 AM

Post #1 of 6 (167 views)
Permalink

SVN server host key has changed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note for all SVN committers:

The SSH host key for svn.wikimedia.org has been changed today, so you
may receive a scary-looking warning about mismatched host keys when you
next update.

The new fingerprint is:
4d:76:a4:a2:47:c1:bc:a8:d5:d7:51:ec:15:71:77:9a

It's safe to remove the old key records from your ~/.ssh/known_hosts
files and accept the new one.

The key was changed due to a possible security problem with the
generation of the old keys:

http://lists.debian.org/debian-security-announce/2008/msg00152.html

This may affect various peoples' personal desktops & servers, so take a
peek around your own systems!

- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgp4PoACgkQwRnhpk1wk46DqgCgqaVANcPl766vceaxcUAHIrvM
CjQAoJM66ElW8EM/GkR/6nL1nOIjZA78
=wRUR
-----END PGP SIGNATURE-----

_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

dale at ucsc

May 13, 2008, 6:13 PM

Post #2 of 6 (158 views)
Permalink

Re: SVN server host key has changed [In reply to]

svn commits seem not to be working for me since the svn server host key
changed :(

I am getting error: Permission denied (publickey,password) on requests
for svn updates and commits. I deleted old known_hosts file and
approved the new fingerprint... My id_rsa.pub is the same as before and
my pass phrase works locally.

... is there anything else I could check?

--michael

Brion Vibber wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Note for all SVN committers:
>
> The SSH host key for svn.wikimedia.org has been changed today, so you
> may receive a scary-looking warning about mismatched host keys when you
> next update.
>
> The new fingerprint is:
> 4d:76:a4:a2:47:c1:bc:a8:d5:d7:51:ec:15:71:77:9a
>
> It's safe to remove the old key records from your ~/.ssh/known_hosts
> files and accept the new one.
>
>
> The key was changed due to a possible security problem with the
> generation of the old keys:
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> This may affect various peoples' personal desktops & servers, so take a
> peek around your own systems!
>
> - -- brion vibber (brion @ wikimedia.org)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkgp4PoACgkQwRnhpk1wk46DqgCgqaVANcPl766vceaxcUAHIrvM
> CjQAoJM66ElW8EM/GkR/6nL1nOIjZA78
> =wRUR
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l[at]lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>

_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

dan_the_man at telus

May 14, 2008, 12:04 AM

Post #3 of 6 (158 views)
Permalink

Re: SVN server host key has changed [In reply to]

^_^ Lucky me... I haven't even got SSH keys to work... :/ Need to though...
Well, mines updated now. T_T Now I just need to get SSH keys working in
the first place.

~Daniel Friesen(Dantman) of:
-The Gaiapedia (http://gaia.wikia.com)
-Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
-and Wiki-Tools.com (http://wiki-tools.com)

Brion Vibber wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Note for all SVN committers:
>
> The SSH host key for svn.wikimedia.org has been changed today, so you
> may receive a scary-looking warning about mismatched host keys when you
> next update.
>
> The new fingerprint is:
> 4d:76:a4:a2:47:c1:bc:a8:d5:d7:51:ec:15:71:77:9a
>
> It's safe to remove the old key records from your ~/.ssh/known_hosts
> files and accept the new one.
>
>
> The key was changed due to a possible security problem with the
> generation of the old keys:
>
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
>
> This may affect various peoples' personal desktops & servers, so take a
> peek around your own systems!
>
> - -- brion vibber (brion @ wikimedia.org)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkgp4PoACgkQwRnhpk1wk46DqgCgqaVANcPl766vceaxcUAHIrvM
> CjQAoJM66ElW8EM/GkR/6nL1nOIjZA78
> =wRUR
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l[at]lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
>

_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

roan.kattouw at home

May 14, 2008, 1:26 AM

Post #4 of 6 (156 views)
Permalink

Re: SVN server host key has changed [In reply to]

Michael Dale schreef:
> svn commits seem not to be working for me since the svn server host key
> changed :(
>
> I am getting error: Permission denied (publickey,password) on requests
> for svn updates and commits. I deleted old known_hosts file and
> approved the new fingerprint... My id_rsa.pub is the same as before and
> my pass phrase works locally.
>
> ... is there anything else I could check?
>
> --michael
A vulnerability in Debian's openssl package was discovered recently,
which caused it to generate public/private key pairs which were too
predictable. Most likely your key is one of those and Brion disabled it
for that reason (as was the case with mine). Generate a new key and send
it to Brion, he'll let you back in.

Roan Kattouw (Catrope)

_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

huji.huji at gmail

May 15, 2008, 7:38 AM

Post #5 of 6 (145 views)
Permalink

Re: SVN server host key has changed [In reply to]

For Windows users who are using PuTTY or a related software to connect to
the SVN server:

You will have to login to the SVN server using PuTTY ( svn.wikimedia.org );
during the authentication process, you'll get a warning message that the
server key is different from what is stored in your registry. Click "Yes" to
save the new server key. If you're using Pageant, you should close it an
open it again to make sure it uses the new values in the registry. After
this, you should be able to work with the svn server again.

Hojjat (aka Huji)
_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

thomas.dalton at gmail

May 15, 2008, 8:07 AM

Post #6 of 6 (146 views)
Permalink

Re: SVN server host key has changed [In reply to]

On 15/05/2008, Huji <huji.huji[at]gmail.com> wrote:
> For Windows users who are using PuTTY or a related software to connect to
> the SVN server:
>
> You will have to login to the SVN server using PuTTY ( svn.wikimedia.org );
> during the authentication process, you'll get a warning message that the
> server key is different from what is stored in your registry. Click "Yes" to
> save the new server key. If you're using Pageant, you should close it an
> open it again to make sure it uses the new values in the registry. After
> this, you should be able to work with the svn server again.

Thank you for that! I hadn't actually tried it since the it update,
but I doubt I would have thought of that by myself. All worked
perfectly!!

_______________________________________________
Wikitech-l mailing list
Wikitech-l[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com