bastion ssh host key change 2023-03-29

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So, as part of our outages yesterday I reinstalled bastion01 (and 02 a
few days before) with rhel9. This means it's ssh host key changed.

However, if you are setup right this should be a non event. :) 

There's at least 2 ways you can confirm the new new is right:

1. Enable sshfp:

Add in your .ssh/config the following to the entry for
bastion/fedora-infrastructure hosts: 

   VerifyHostKeyDNS yes

This will get the ssh fingerprint from dns and confirm it matches.

2. Add our ssh cert authority to your ~/.ssh/known_hosts file.
This can be found at: 
https://admin.fedoraproject.org/ssh_known_hosts
Just add those lines to your known_hosts and ssh will verify and trust
any ssh host key thats signed by those certificate authorities.
(which we do for all hosts).

Sorry for any trouble.

kevin

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux