Bug 11901

Summary: SSH host key on monitoring01.i.ipfire.org has changed
Product: Infrastructure Reporter: Peter Müller <peter.mueller>
Component: MonitoringAssignee: Michael Tremer <michael.tremer>
Status: CLOSED DEFERRED QA Contact: Peter Müller <peter.mueller>
Severity: Security    
Priority: - Unknown - Keywords: 5MinuteJob, Security
Version: unspecified   
Hardware: all   
OS: All   
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11648

Description Peter Müller 2018-10-11 19:28:51 UTC 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:1ozPjekp6zFA1v0G/6huI7ITb8yRPZ7SOIDQOEj+gaM.
Please contact your system administrator.
Update the SSHFP RR in DNS with the new host key to get rid of this message.
The authenticity of host 'monitoring01.i.ipfire.org (192.168.9.28)' can't be established.
ED25519 key fingerprint is SHA256:1ozPjekp6zFA1v0G/6huI7ITb8yRPZ7SOIDQOEj+gaM.
+--[ED25519 256]--+
|                 |
| .     . .       |
|o..o  o . o      |
|.++..o   + +     |
|. oo... Soo +    |
|E  .. ooooo= o   |
|       *o==oo .  |
|      o @+*o     |
|      .*oO=.     |
+----[SHA256]-----+
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? ^C
Comment 1 Michael Tremer 2018-10-11 19:33:17 UTC 
What are you trying to say?
Comment 2 Peter Müller 2018-10-11 19:46:41 UTC 
That the SSH server host key on monitoring01.i.ipfire.org
has changed (and the change is not applied to its SSHFP records
as well) and I cannot determine whether this is legitimate or not.
Comment 3 Michael Tremer 2018-10-11 20:10:49 UTC 
For me the key hasn't changed and SSHFP records are up to date
Comment 4 Peter Müller 2018-10-15 18:35:45 UTC 
SSHFP record for ED25519 is missing in DNS.
Comment 5 Peter Müller 2019-10-28 15:05:30 UTC 
I guess this became obsolete by now...