On 9/25/18 1:27 AM, Adam Williamson wrote:
Hey folks! Just a heads up, if anyone on F29 or Rawhide finds that
suddenly ssh connections are failing, claiming the host key does not
match and asking for a 'rsa-sha2-256' key: a mysterious hero known only
as 'sedrubal' figured out that this is caused by a crypto-policies
update, this one -
https://bodhi.fedoraproject.org/updates/FEDORA-2018-854e0caf7b
you can get back to normal by downgrading back to this build:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1133273
(for both F29 and Rawhide). We've got enough negative karma on the
update now that it should be removed from updates-testing on the next
push, but some folks will have got the update already. I'll ask tmraz
if he can either fix it promptly or revert it temporarily, for Rawhide
users.
Sorry for the trouble!
You mean like this I am getting in my ssh started vncserver that I
worked so hard on yesterday?
# systemctl -l --no-pager status vncserver@:1
● vncserver@:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled;
vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2018-06-22 11:12:54
EDT; 3 months 5 days ago
Process: 682 ExecStart=/bin/sh -c /usr/bin/ssh -i .ssh/id_rsa_vnchack
localhost /usr/bin/vncserver -fg :1 (code=exited, status=255)
Process: 655 ExecStartPre=/bin/sh -c /usr/bin/ssh -i
.ssh/id_rsa_vnchack localhost /usr/bin/vncserver -kill :1 > /dev/null
2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 682 (code=exited, status=255)
Jun 22 11:12:54 localhost sh[682]: It is also possible that a host key
has just been changed.
Jun 22 11:12:54 localhost sh[682]: The fingerprint for the RSA key sent
by the remote host is
Jun 22 11:12:54 localhost sh[682]:
SHA256:bxBBsme1XjvFo5g25XfSRhUMbk7JVl9Bdp8zp7vPTHs.
Jun 22 11:12:54 localhost sh[682]: Please contact your system administrator.
Jun 22 11:12:54 localhost sh[682]: Add correct host key in
/home/rgm/.ssh/known_hosts to get rid of this message.
Jun 22 11:12:54 localhost sh[682]: Offending ECDSA key in
/home/rgm/.ssh/known_hosts:1
Jun 22 11:12:54 localhost sh[682]: RSA host key for localhost has
changed and you have requested strict checking.
Jun 22 11:12:54 localhost sh[682]: Host key verification failed.
Jun 22 11:12:54 localhost systemd[1]: vncserver@:1.service: Main process
exited, code=exited, status=255/n/a
Jun 22 11:12:54 localhost systemd[1]: vncserver@:1.service: Failed with
result 'exit-code'.
I see I upgraded openssh yesterday evening:
Upgraded: openssh-7.8p1-1.fc29.armv7hl
And now I got: openssh-server-7.8p1-3.fc29.armv7hl
and I could start vncserver via ssh.
thanks for identifying the problem and getting it fixed so promptly.
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
