ECDSA key on anoncvs.mindrot.org

Iain Morgan imorgan at nas.nasa.gov
Wed Jul 24 02:33:05 EST 2013


Hello,

While running 'cvs up' against the CVS repository for the portable
branch of OpenSSH, I received the following warning:

% cvs up
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
d0:46:24:c1:63:cf:6b:f2:e3:33:3d:15:62:08:53:72.
Please contact your system administrator.
Add correct host key in /u/wk/imorgan/.ssh/known_hosts to get rid of
this message.
Offending ECDSA key in /u/wk/imorgan/.ssh/known_hosts:32
ECDSA host key for anoncvs.mindrot.org has changed and you have
requested strict checking.
Host key verification failed.
cvs [update aborted]: end of file from server (consult above messages if
any)

So, I'd just like to confirm that the ECDSA key (and possibly the RSA
and DSA keys) were legitimately changed.

Thanks,

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list