So, as part of our outages yesterday I reinstalled bastion01 (and 02 a few days before) with rhel9. This means it's ssh host key changed. However, if you are setup right this should be a non event. :) There's at least 2 ways you can confirm the new new is right: 1. Enable sshfp: Add in your .ssh/config the following to the entry for bastion/fedora-infrastructure hosts: VerifyHostKeyDNS yes This will get the ssh fingerprint from dns and confirm it matches. 2. Add our ssh cert authority to your ~/.ssh/known_hosts file. This can be found at: https://admin.fedoraproject.org/ssh_known_hosts Just add those lines to your known_hosts and ssh will verify and trust any ssh host key thats signed by those certificate authorities. (which we do for all hosts). Sorry for any trouble. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue