Re: F29 / Rawhide - Bogus ssh host key mismatch errors mentioning "rsa-sha2-256"

On Thu, 2018-09-27 at 11:18 -0400, Robert Moskowitz wrote:
> 
> On 9/25/18 1:27 AM, Adam Williamson wrote:
> > Hey folks! Just a heads up, if anyone on F29 or Rawhide finds that
> > suddenly ssh connections are failing, claiming the host key does not
> > match and asking for a 'rsa-sha2-256' key: a mysterious hero known only
> > as 'sedrubal' figured out that this is caused by a crypto-policies
> > update, this one -
> > 
> > https://bodhi.fedoraproject.org/updates/FEDORA-2018-854e0caf7b
> > 
> > you can get back to normal by downgrading back to this build:
> > 
> > https://koji.fedoraproject.org/koji/buildinfo?buildID=1133273
> > 
> > (for both F29 and Rawhide). We've got enough negative karma on the
> > update now that it should be removed from updates-testing on the next
> > push, but some folks will have got the update already. I'll ask tmraz
> > if he can either fix it promptly or revert it temporarily, for Rawhide
> > users.
> > 
> > Sorry for the trouble!
> 
> You mean like this I am getting in my ssh started vncserver that I 
> worked so hard on yesterday?
> 
> # systemctl -l --no-pager status vncserver@:1
> ● vncserver@:1.service - Remote desktop service (VNC)
>     Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
>     Active: failed (Result: exit-code) since Fri 2018-06-22 11:12:54 EDT; 3 months 5 days ago
>    Process: 682 ExecStart=/bin/sh -c /usr/bin/ssh -i .ssh/id_rsa_vnchack localhost /usr/bin/vncserver -fg :1 (code=exited, status=255)
>    Process: 655 ExecStartPre=/bin/sh -c /usr/bin/ssh -i .ssh/id_rsa_vnchack localhost /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
>   Main PID: 682 (code=exited, status=255)
> 
> Jun 22 11:12:54 localhost sh[682]: It is also possible that a host key has just been changed.
> Jun 22 11:12:54 localhost sh[682]: The fingerprint for the RSA key sent by the remote host is
> Jun 22 11:12:54 localhost sh[682]: SHA256:bxBBsme1XjvFo5g25XfSRhUMbk7JVl9Bdp8zp7vPTHs.
> Jun 22 11:12:54 localhost sh[682]: Please contact your system administrator.
> Jun 22 11:12:54 localhost sh[682]: Add correct host key in /home/rgm/.ssh/known_hosts to get rid of this message.
> Jun 22 11:12:54 localhost sh[682]: Offending ECDSA key in /home/rgm/.ssh/known_hosts:1
> Jun 22 11:12:54 localhost sh[682]: RSA host key for localhost has changed and you have requested strict checking.
> Jun 22 11:12:54 localhost sh[682]: Host key verification failed.
> Jun 22 11:12:54 localhost systemd[1]: vncserver@:1.service: Main process exited, code=exited, status=255/n/a
> Jun 22 11:12:54 localhost systemd[1]: vncserver@:1.service: Failed with result 'exit-code'.

Yup, looks like the same problem.

> I see I upgraded openssh yesterday evening:
> 
> Upgraded: openssh-7.8p1-1.fc29.armv7hl
> 
> And now I got:  openssh-server-7.8p1-3.fc29.armv7hl
> 
> and I could start vncserver via ssh.

It would actually be an update to crypto-policies that fixed it, not
openssh.

> Thanks for identifying the problem and getting it fixed so promptly.

Thanks, but I can't take the credit: that goes to sedrubal (who first
pointed it out in the update) and mcatanzaro (who pinged me about it)
:)
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
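
The journal output quoted in this message names an RSA key as the one offered and an ECDSA entry in known_hosts as the offending one. As an added example (not part of the original message and not OpenSSH code), the Python function below extracts those fields from such log lines and labels whether the two key types differ; the function name, the verdict labels and the second sample are assumptions made for illustration.

```python
import re

# Patterns for the ssh client warning text as it appears in the quoted journal output.
OFFERED_RE = re.compile(r"(\w+) host key for (\S+) has changed")
OFFENDING_RE = re.compile(r"Offending (\w+) key in (\S+):(\d+)")
FPR_RE = re.compile(r"(SHA256:[A-Za-z0-9+/]+)")


def triage_hostkey_warning(lines):
    """Summarise one host-key warning; return None if no warning is present."""
    text = "\n".join(lines)
    offered = OFFERED_RE.search(text)
    offending = OFFENDING_RE.search(text)
    if not offered or not offending:
        return None
    fpr = FPR_RE.search(text)
    offered_type, stored_type = offered.group(1), offending.group(1)
    return {
        "host": offered.group(2),
        "offered_type": offered_type,
        "stored_type": stored_type,
        "known_hosts": offending.group(2),
        "line": int(offending.group(3)),
        "fingerprint": fpr.group(1) if fpr else None,
        # Assumption of this example: differing key types get their own label,
        # so they can be triaged separately from a same-type key change.
        "verdict": "type-mismatch" if offered_type != stored_type else "same-type-changed",
    }


# Sample 1: lines from the journal output quoted in this thread, unwrapped.
THREAD_LOG = [
    "Jun 22 11:12:54 localhost sh[682]: The fingerprint for the RSA key sent by the remote host is",
    "Jun 22 11:12:54 localhost sh[682]: SHA256:bxBBsme1XjvFo5g25XfSRhUMbk7JVl9Bdp8zp7vPTHs.",
    "Jun 22 11:12:54 localhost sh[682]: Offending ECDSA key in /home/rgm/.ssh/known_hosts:1",
    "Jun 22 11:12:54 localhost sh[682]: RSA host key for localhost has changed and you have requested strict checking.",
    "Jun 22 11:12:54 localhost sh[682]: Host key verification failed.",
]
# Sample 2: constructed for contrast (hypothetical host and path), same key type on both sides.
CONSTRUCTED_LOG = [
    "Oct 01 09:00:00 host sh[100]: Offending ED25519 key in /home/user/.ssh/known_hosts:7",
    "Oct 01 09:00:00 host sh[100]: ED25519 host key for example.test has changed and you have requested strict checking.",
]

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, triage_hostkey_warning(log))
```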