Re: F29 / Rawhide - Bogus ssh host key mismatch errors mentioning "rsa-sha2-256"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 9/25/18 1:27 AM, Adam Williamson wrote:
Hey folks! Just a heads up, if anyone on F29 or Rawhide finds that
suddenly ssh connections are failing, claiming the host key does not
match and asking for a 'rsa-sha2-256' key: a mysterious hero known only
as 'sedrubal' figured out that this is caused by a crypto-policies
update, this one -

https://bodhi.fedoraproject.org/updates/FEDORA-2018-854e0caf7b

you can get back to normal by downgrading back to this build:

https://koji.fedoraproject.org/koji/buildinfo?buildID=1133273

(for both F29 and Rawhide). We've got enough negative karma on the
update now that it should be removed from updates-testing on the next
push, but some folks will have got the update already. I'll ask tmraz
if he can either fix it promptly or revert it temporarily, for Rawhide
users.

Sorry for the trouble!

You mean like this I am getting in my ssh started vncserver that I worked so hard on yesterday?

# systemctl -l --no-pager status vncserver@:1
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)    Active: failed (Result: exit-code) since Fri 2018-06-22 11:12:54 EDT; 3 months 5 days ago   Process: 682 ExecStart=/bin/sh -c /usr/bin/ssh -i .ssh/id_rsa_vnchack localhost /usr/bin/vncserver -fg :1 (code=exited, status=255)   Process: 655 ExecStartPre=/bin/sh -c /usr/bin/ssh -i .ssh/id_rsa_vnchack localhost /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 682 (code=exited, status=255)

Jun 22 11:12:54 localhost sh[682]: It is also possible that a host key has just been changed. Jun 22 11:12:54 localhost sh[682]: The fingerprint for the RSA key sent by the remote host is Jun 22 11:12:54 localhost sh[682]: SHA256:bxBBsme1XjvFo5g25XfSRhUMbk7JVl9Bdp8zp7vPTHs.
Jun 22 11:12:54 localhost sh[682]: Please contact your system administrator.
Jun 22 11:12:54 localhost sh[682]: Add correct host key in /home/rgm/.ssh/known_hosts to get rid of this message. Jun 22 11:12:54 localhost sh[682]: Offending ECDSA key in /home/rgm/.ssh/known_hosts:1 Jun 22 11:12:54 localhost sh[682]: RSA host key for localhost has changed and you have requested strict checking.
Jun 22 11:12:54 localhost sh[682]: Host key verification failed.
Jun 22 11:12:54 localhost systemd[1]: vncserver@:1.service: Main process exited, code=exited, status=255/n/a Jun 22 11:12:54 localhost systemd[1]: vncserver@:1.service: Failed with result 'exit-code'.

I see I upgraded openssh yesterday evening:

Upgraded: openssh-7.8p1-1.fc29.armv7hl

And now I got:  openssh-server-7.8p1-3.fc29.armv7hl

and I could start vncserver via ssh.

thanks for identifying the problem and getting it fixed so promptly.



_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux