[conspire] Machine rebuild happened on Feb. 1

Daniel Gimpelevich daniel at gimpelevich.san-francisco.ca.us
Wed Feb 9 17:49:06 PST 2005


On Wed, 09 Feb 2005 12:44:37 -0800, Rick Moen wrote:

> Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):
> 
>> Another side effect that I immediately noticed as soon as linuxmafia.com
>> came back up was that the SSH identity of the machine changed. Until I
>> read the below, I thought this might be a temporary thing, but now I guess
>> I should update my known_hosts file, right?
> 
> Well, if you have reason to trust your DNS and intervening routers, yes.
> ;->

Who can really trust intervening routers? It is, after all, the Internet.
As for DNS, I (maybe too hastily?) trust my ability to recognize your IP
address when I see it.

>> A little while later, I tried
>> temporarily moving the known_hosts file so that I could try to log in and
>> found that my password had been reset, and I don't know the new one.
> 
> Password authentication is now no longer accepted.  See the system news
> bulletin:  http://linuxmafia.com/news.html

Wow, the first update to that page in nearly four years!

> Seriously, if you have a well-signed gpg/PGP key that I can verify on
> file (with signatures) in the keyservers, send me your SSH public key in
> a mail you've gpg/PGP-signed, and I'll add it to your
> ~/.ssh/authorized_keys on linuxmafia.com.  If not, we can take care of
> the matter next time you're at my house, or next time we chat by
> telephone.  Again, this is covered in the system news bulletin, linked
> from the site's Web front page and elsewhere.

I do have a GPG key on the MIT keyservers, but I've never bothered to get
it signed. Furthermore, I took GPG offline on a "temporarily permanent"
basis some time after I discovered that the signed messages I was sending
were not RFC-compliant. I do have a solution to the RFC-compliance
problem; I just haven't bothered to implement it yet. Other things I have
not yet bothered to do include setting up ssh-agent, which hopefully I can
figure out and do by Saturday's meeting, where I intend to scp what will
become my default SSH key onto the machine of your choosing. My current
SSH key is SourceForge-specific, hence the need for ssh-agent.

An example of what will no longer be possible is what happened at a recent
CABAL meeting: Somebody had a freshly installed Debian base system and had
a need for packages not allowed by the default sources.list as well as a
package from unstable (the system was tracking testing). After apt-get
installing SSH, I merely used my login to linuxmafia.com to scp over your
sources.list and /etc/apt/preferences to the new machine. Very handy!
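
Added example (not part of the original message): before replacing a known_hosts entry after a host key change like the one discussed above, the key seen over the network can be checked against a fingerprint obtained out of band, such as in person or by telephone. The host name, key bytes and function names below are constructed for illustration, and the fingerprint format is the SHA256 one current OpenSSH prints.

```python
import base64
import hashlib
import hmac
import struct

def make_ed25519_line(host: str, raw_key: bytes) -> str:
    """Build a 'host keytype base64' line from raw key bytes (sample data only)."""
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype +
            struct.pack(">I", len(raw_key)) + raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def parse_host_key(line: str) -> tuple:
    """Return (key type, decoded key blob) from a known_hosts-style line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    ktype, b64 = fields[1], fields[2]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; both must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("declared key type does not match key blob")
    return ktype, blob

def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' plus unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def safe_to_update(scanned_line: str, out_of_band_fp: str) -> bool:
    """True only if the key seen on the network matches the out-of-band fingerprint."""
    _, blob = parse_host_key(scanned_line)
    seen = sha256_fingerprint(blob).encode()
    return hmac.compare_digest(seen, out_of_band_fp.strip().encode())

# Constructed sample data: these are not real keys for any host.
NEW_LINE = make_ed25519_line("host.example", bytes(range(32)))    # key the admin installed
OTHER_LINE = make_ed25519_line("host.example", bytes(32))         # key from some other machine

if __name__ == "__main__":
    trusted_fp = sha256_fingerprint(parse_host_key(NEW_LINE)[1])  # as read out by the admin
    print("matching key:", safe_to_update(NEW_LINE, trusted_fp))
    print("different key:", safe_to_update(OTHER_LINE, trusted_fp))
```
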


