Nope, nothing nasty! That happened after Ops restarted the bastion host. Instructions are at that link, but the key fingerprints are outdated. The new ones are on Phabricator.

On Mon, Apr 18, 2016 at 5:11 PM, Jon Katz <jkatz@wikimedia.org> wrote:
Hey Folks,
I am suddenly having trouble logging into stat1002 or stat1003 using my normal settings.  Here is what I get:

Jon-Katzs-Air:~ jkatz$  ssh jkatz@stat1003.eqiad.wmnet

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

[REDACTED BY JK].

Please contact your system administrator.

Add correct host key in /Users/jkatz/.ssh/known_hosts to get rid of this message.

Offending RSA key in /Users/jkatz/.ssh/known_hosts:1

RSA host key for bast1001.wikimedia.org has changed and you have requested strict checking.

Host key verification failed.

ssh_exchange_identification: Connection closed by remote host


  Here is my host.config file:

ForwardAgent no


     ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org


Is someone doing something nasty?

Any ideas?


Thanks,


J


_______________________________________________
Analytics mailing list
Analytics@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/analytics




--
Neil P. Quinn, product analyst
Wikimedia Foundation