Home > Archive > Debian Developers > July 2004 > RSA host key of ftp-master changed?
RSA host key of ftp-master changed?
| Andreas Tille 2004-07-14, 7:51 am |
| Hi,
today I wanted to use dput for an upload but got:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for ftp-master.debian.org has changed,
and the key for the according IP address 208.185.25.31
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d2:fe:8f:43:0c:ab:6c:08:31:70:5f:f6:01:70:4c:a6.
Please contact your system administrator.
How to verify that there was really a change in the host key?
Kind regards
Andreas.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Andreas Metzler 2004-07-14, 7:51 am |
| On 2004-07-14 Andreas Tille <tillea@rki.de> wrote:
> today I wanted to use dput for an upload but got:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[...]
Where have you been for the last 6 months?
http://lists.debian.org/debian-deve...2/msg00001.html
cu andreas
| |
| Andreas Tille 2004-07-14, 7:51 am |
| On Wed, 14 Jul 2004, Andreas Metzler wrote:
> On 2004-07-14 Andreas Tille <tillea@rki.de> wrote:
>
> [...]
>
> Where have you been for the last 6 months?
> http://lists.debian.org/debian-deve...2/msg00001.html
This is no news to me. BTW, the host keys there are for
master (146.82.138.7)
gluck (192.25.206.10)
merkel (192.25.206.16)
but ftp-master has IP 208.185.25.31 so this URL would not really help.
At this time ftp-master was identical to auric (206.246.226.45). This
is reflected in my .ssh/known_hosts by having the same RSH key. But
it seems that some other host became ftp-master now and I seemed to
miss this information. That's why I was asking ...
Kind regards
Andreas.
| |
| Colin Watson 2004-07-14, 7:51 am |
| On Wed, Jul 14, 2004 at 12:55:34PM +0200, Andreas Tille wrote:
> On Wed, 14 Jul 2004, Andreas Metzler wrote:
>
> This is no news to me. BTW, the host keys there are for
> master (146.82.138.7)
> gluck (192.25.206.10)
> merkel (192.25.206.16)
> but ftp-master has IP 208.185.25.31 so this URL would not really help.
Quoting the announcement linked to above:
How do I upload?
----------------
Use the anonymous upload queue on ftp-master.
anonymous i.e. not over ssh.
Where can I login?
------------------
There's been a fair bit of talk post-compromise about restricting
access to machines running (core) services. At the moment, the only
thing I'm (personally) doing is not enabling non-services accounts on
auric (ftp-master) and klecker (security, non-US, qa, nm, www-master)
immediately. Obviously, it's useful for random developers to have
access to e.g. the postgres database of the archive, so the current
plan if the restricted nature of auric becomes permanent is to mirror
the system daily to another box that would be unrestricted. [This
would have the added bonus of giving us a hot spare for
disasters/arson attacks etc.]
> At this time ftp-master was identical to auric (206.246.226.45). This
> is reflected in my .ssh/known_hosts by having the same RSH key. But
> it seems that some other host became ftp-master now and I seemed to
> miss this information. That's why I was asking ...
http://lists.debian.org/debian-deve...1/msg00011.html
--
Colin Watson [cjwatson@flatline.org.uk]
| |
| Andreas Tille 2004-07-14, 7:51 am |
| On Wed, 14 Jul 2004, Colin Watson wrote:
> http://lists.debian.org/debian-deve...1/msg00011.html
>
Thanks. Before I get even more RTFM mails I'll try to explain in more detail.
I did several uploads since then using dput. My dput configuration has been unchanged
for several months. It starts with
[DEFAULT]
login = username
method = ftp
hash = md5
allow_unsigned_uploads = 0
run_lintian = 0
run_dinstall = 0
check_version = 0
scp_compress = 0
post_upload_command =
pre_upload_command =
passive_ftp = 0
default_host_main =
default_host_non-us =
[ftp-master]
fqdn = ftp-master.debian.org
incoming = /pub/UploadQueue/
login = anonymous
# ^^^^^^^^^
Why does dput refuse to do its job today but worked some days (I do not remember
exactly when I did an upload from this box) ago?
I guess it verifies the host key for some reason (which seems not to be really
bad) even if the upload is done via ftp (see line 3) and by an anonymous
upload (see marked line, last one of the snippet).
I also can't verify that I changed dput
$ dpkg --status dput
Package: dput
Status: install ok installed
Priority: optional
Section: devel
Installed-Size: 196
Maintainer: Christian Kurz <shorty@debian.org>
Architecture: all
Version: 0.9.2.13
on my system recently. So what is the real explanation for this change
of behaviour besides that you are so kind to teach me reading debian-announce
messages?
Kind regards
Andreas.
| |
| Steve Langasek 2004-07-14, 5:56 pm |
| On Wed, Jul 14, 2004 at 01:14:28PM +0200, Andreas Tille wrote:
> [DEFAULT]
> login = username
> method = ftp
> hash = md5
> allow_unsigned_uploads = 0
> run_lintian = 0
> run_dinstall = 0
> check_version = 0
> scp_compress = 0
> post_upload_command =
> pre_upload_command =
> passive_ftp = 0
> default_host_main =
> default_host_non-us =
> [ftp-master]
> fqdn = ftp-master.debian.org
> incoming = /pub/UploadQueue/
> login = anonymous
> # ^^^^^^^^^
> Why does dput refuse to do its job today but worked some days (I do not remember
> exactly when I did an upload from this box) ago?
> I guess it verifies the host key for some reason (which seems not to be really
> bad) even if the upload is done via ftp (see line 3) and by an anonymous
> upload (see marked line, last one of the snippet).
Barring absurd bugs, no, it does not. For some reason, dput is making an
ssh connection to ftp-master *instead of* an ftp connection. This is most
likely a configuration issue on your system.
--
Steve Langasek
postmodern programmer
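
An added example, not part of the thread and not dput's own code: one way to see which upload method actually applies to a host when more than one dput configuration file is read. It assumes dput merges /etc/dput.cf and ~/.dput.cf the way Python's ConfigParser merges files read in that order; the per-user override and the names `load`, `effective_method` and `hosts_using_ssh` are hypothetical.

```python
import configparser

# Constructed sample files (not from the thread). SYSTEM_CF mirrors the quoted
# snippet; USER_CF is a hypothetical per-user override.
SYSTEM_CF = """\
[DEFAULT]
login = username
method = ftp

[ftp-master]
fqdn = ftp-master.debian.org
incoming = /pub/UploadQueue/
login = anonymous
"""
USER_CF = """\
[ftp-master]
method = scp
login = username
"""

# Assumption: these upload methods run over ssh and so check the host key.
SSH_METHODS = {"scp", "rsync"}

def load(text):
    """Parse one file, treating [DEFAULT] as an ordinary section so that only
    keys written explicitly in each section are returned."""
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    return {name: dict(cp.items(name)) for name in cp.sections()}

def effective_method(layers, host):
    """Return (method, where_it_was_set) for host. A [host] entry beats any
    [DEFAULT] entry; within each kind, the file read last wins."""
    found = {}
    for filename, text in layers:
        parsed = load(text)
        for section in ("DEFAULT", host):
            if "method" in parsed.get(section, {}):
                found[section] = (parsed[section]["method"], f"{filename} [{section}]")
    return found.get(host) or found.get("DEFAULT") or (None, None)

def hosts_using_ssh(layers):
    """Map each host section whose effective method is ssh-based to its source."""
    hosts = {s for _, text in layers for s in load(text) if s != "DEFAULT"}
    result = {h: effective_method(layers, h) for h in sorted(hosts)}
    return {h: src for h, (method, src) in result.items() if method in SSH_METHODS}
```

With only the system file the method for ftp-master is the inherited `ftp`; adding the override makes it `scp`, and the returned source string names the file and section responsible.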
| |
| Martin Schulze 2004-07-18, 7:51 am |
| Andreas Tille wrote:
> today I wanted to use dput for an upload but got:
Your configuration is broken. You'll need to use ftp for ftp-master
or scp for gluck:~tfheen/incoming (or something) or any other upload
queue.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> The RSA host key for ftp-master.debian.org has changed,
> and the key for the according IP address 208.185.25.31
> is unknown. This could either mean that
> DNS SPOOFING is happening or the IP address for the host
> and its host key have changed at the same time.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> d2:fe:8f:43:0c:ab:6c:08:31:70:5f:f6:01:70:4c:a6.
> Please contact your system administrator.
>
>
> How to verify that there was really a change in the host key?
http://db.debian.org/machines.cgi?host=newraff
As a sidenote: You have no account on the current ftp-master machine.
Regards,
Joey
--
It's time to close the windows.
Please always Cc to me when replying to me on the lists.
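
An added example, not part of the thread: checking a known_hosts entry against a fingerprint obtained out of band, in the colon-separated MD5 form the warning prints. The host name, addresses and key material are constructed placeholders, and the function names are hypothetical; it assumes a trusted fingerprint is available from a source other than the connection itself.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data):
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _mpint(n):
    """SSH mpint for a positive integer (leading zero byte if the top bit is set)."""
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_line(names, modulus):
    """Build a known_hosts line around a CONSTRUCTED ssh-rsa blob (not a usable key)."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return f"{names} ssh-rsa {base64.b64encode(blob).decode()}"

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 of the raw key blob, the format shown in the warning."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_host(known_hosts_text, name, trusted_fp):
    """Compare the first key stored for name with a fingerprint obtained out of
    band. Returns 'match', 'MISMATCH', or 'unknown' when name has no entry."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank line, comment, or marker line
        if name in fields[0].split(","):
            same = hmac.compare_digest(md5_fingerprint(fields[2]), trusted_fp.lower())
            return "match" if same else "MISMATCH"
    return "unknown"

# Constructed sample data: placeholder host name, documentation IP addresses,
# and integers standing in for RSA moduli.
OLD_N = int("c3" * 64, 16)
NEW_N = int("a5" * 64, 16)
KNOWN_HOSTS = make_line("upload.example.org,192.0.2.10", OLD_N)
OLD_FP = md5_fingerprint(KNOWN_HOSTS.split()[2])
NEW_FP = md5_fingerprint(make_line("x", NEW_N).split()[2])
```

The two non-matching results correspond to the two banners in the warning: a stored key that differs from the trusted fingerprint for the name, and an address with no stored entry at all.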