Re: [Savannah-hackers] SSH keys

[Sylvain Beucler]

I am pretty puzzled. Everything is alright for me:

* Message when savannah.nongnu.org is unknown:
The authenticity of host 'savannah.nongnu.org (199.232.41.4)' can't be  
established.
RSA key fingerprint is 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5.

* When the key was modified by hand:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle  
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5.

* host savannah.nongnu.org
savannah.nongnu.org is an alias for nongnu.org.
nongnu.org has address 199.232.41.4

So there is apparently no reason you received your warning. I also  
checked for any problem with Protocol 1 or 2, but Savannah refuses any  
Protocol1 connection.

And so:
- Do you still experience the SSH warning?
- If yes, do you have any clue on what is going on, because I don't :/  
(except if there is an actual "man-in-the-middle" attack)

--
Sylvain


On 2004.05.19 23:43, Thomas Degris wrote:
> Hello,
>
> I forgot to say that the command host savannah.nongnu.org returns :
> savannah.nongnu.org     CNAME   nongnu.org
> nongnu.org              A       199.232.41.4
>
> Thomas
>
> [...]
>
> Hello,
>
> here is the cvs repository I use (from satom/CVS/Root) :
> :ext:address@hidden:/cvsroot/satom
>
> Thomas
>
> Sylvain Beucler wrote:
>
> > Hello,
> >
> > I do not have any warning at savannah.gnu.org, savannah.nongnu.org  
> > and  subversions.gnu.org. All of these machines have the SSH key  
> > reported in  the CVS page you mentioned. So you should not get this  
> > message.
> >
> > What machine are you trying to connect to?
> >
> > Thanks,