On Fri, Jan 13, 2017 at 00:40:33 -0700, Bob Proulx wrote: > Because of the flexibility to be able to switch back and forth while > working on the various version control systems we went with option 3 > described there. (And we have used that capability a few times > already.) I cloned the old host keys onto the new system. Therefore > if you have the hostnames in your known_hosts for the previous system > you should not get a key change warning using the same hostname on the > new system. If your ssh warns on IP address changes that will be the > only difference.
Maybe, the exact message was Warning: the RSA host key for 'hg.sv.gnu.org' differs from the key for the IP address '208.118.235.201' My reflexive response was to run `ssh-keygen -R hg.sv.gnu.org`, log in again, and verify the fingerprint. My ssh client only displays the sha256 fingerprint for the ECDSA key, and that's how we ended up here :) > 1024 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5 (RSA) > 256 65:b8:1c:2f:82:7c:0e:39:e1:4a:63:f2:13:10:e8:9c (ECDSA) > 256 14:7b:c8:98:dd:06:08:97:8c:00:9d:d2:ae:85:c8:82 (ED25519) > > 1024 SHA256:FYkx0iik+iBeCLRzvUyUSTRT98TEBBJoYuQsTXbyGL8 (RSA) > 256 SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM (ECDSA) > 256 SHA256:o/oI4CKKcWc4cZvDFEdmOXsE3tiPP8bWa04h4bQjtV4 (ED25519) > > hg.savannah.gnu.org ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa+wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0= > hg.savnnah.gnu.org ecdsa-sha2-nistp256 > AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4OHxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghOQzDSZZLRWvFGocA= > hg.savannah.gnu.org ssh-ed25519 > AAAAC3NzaC1lZDI1NTE5AAAAIMnMLHxGS/b6Su98mL/J58FkpEJY/X1mONqhPBuFX5sJ > > The RSA key is the same on both servers. The old server does not have > the newer ciphers. Thanks! > Agreed. Unfortunately the documentation in general is a garget rich > environment for improvement. The documentation is definitely an area > where anyone could jump in and help significantly. I've just cloned the wiki repo, I'll try to help if I can. -- mike
