Nope, nothing nasty! That happened after Ops restarted the bastion host https://lists.wikimedia.org/pipermail/wikitech-l/2016-April/085289.html. Instructions are at that link, but the key fingerprints are outdated. The new ones are on Phabricator https://phabricator.wikimedia.org/T123721#2204676.
On Mon, Apr 18, 2016 at 5:11 PM, Jon Katz jkatz@wikimedia.org wrote:
Hey Folks, I am suddenly having trouble logging into stat1002 or stat1003 using my normal settings. Here is what I get:
*Jon-Katzs-Air:~ jkatz$ ssh jkatz@stat1003.eqiad.wmnet*
*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*
*@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @*
*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*
*IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!*
*Someone could be eavesdropping on you right now (man-in-the-middle attack)!*
*It is also possible that a host key has just been changed.*
*The fingerprint for the RSA key sent by the remote host is*
*[REDACTED BY JK].*
*Please contact your system administrator.*
*Add correct host key in /Users/jkatz/.ssh/known_hosts to get rid of this message.*
*Offending RSA key in /Users/jkatz/.ssh/known_hosts:1*
*RSA host key for bast1001.wikimedia.org http://bast1001.wikimedia.org has changed and you have requested strict checking.*
*Host key verification failed.*
*ssh_exchange_identification: Connection closed by remote host*
Here is my host.config file:
*ForwardAgent no*
*Host !bast1001.wikimedia.org http://bast1001.wikimedia.org *.wikimedia.org http://wikimedia.org *.wmnet*
ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org
http://bast1001.wikimedia.org*
Is someone doing something nasty?
Any ideas?
Thanks,
J
Analytics mailing list Analytics@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/analytics