[asterisk-dev] gerrit.asterisk.org upgrade scheduled for Friday, May 28 1200Z

George Joseph gjoseph at sangoma.com
Fri May 28 08:21:29 CDT 2021


Oh, You may have more than one entry in your known_hosts file that will
need to be deleted.
You may be able to use 'ssh-keygen -F [gerrit.asterisk.org]:29418' to
locate the keys and
 'ssh-keygen -R [gerrit.asterisk.org]:29418' to remove them.

On Fri, May 28, 2021 at 6:54 AM George Joseph <gjoseph at sangoma.com> wrote:

> The Gerrit upgrade is now complete.  You'll probably see the "REMOTE HOST
> IDENTIFICATION HAS CHANGED!" from ssh when you perform your first git
> operation.   See below...
>
> On Fri, May 21, 2021 at 7:38 AM George Joseph <gjoseph at sangoma.com> wrote:
>
>> If you are a contributor and have cloned any of the repositories from
>> gerrit.asterisk.org using an ssh URI like ssh://<username>@
>> gerrit.asterisk.org:29418, read on.  Otherwise you can skip this message.
>>
>> Normally we don't announce Gerrit upgrades because they usually don't
>> impact community developers but this one's a bit different.   Back in 2015
>> when we commissioned the Asterisk Gerrit instance, we generated the SSH
>> host key with an algorithm and length that was appropriate at that time.
>> That algorithm/key length combination is no longer considered secure
>> however, and the latest version of Gerrit (3.4.0) doesn't support it.    In
>> fact, the upgrade process automatically regenerates the key to one with a
>> stronger algorithm and length.
>>
>> So, how does this affect you?   The first time you perform a git action
>> that needs to contact gerrit.asterisk.org after it's been upgraded,
>> you'll probably get an error or warning like so...
>>
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>>> Someone could be eavesdropping on you right now (man-in-the-middle
>>> attack)!
>>> It is also possible that a host key has just been changed.
>>> ...
>>> Offending RSA key in /home/<username>/.ssh/known_hosts:nn
>>> ...
>>
>>
>> All you have to do to continue is remove the old host key from your
>> known_hosts file and retry the git command.
>>
>> Just wanted to give you a heads up.
>>
>> --
>> George Joseph
>> Asterisk Software Developer
>> Check us out at www.sangoma.com and www.asterisk.org
>> [image: image.png]
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20210528/f32e5748/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 5142 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20210528/f32e5748/attachment-0001.png>


More information about the asterisk-dev mailing list