#qi-hardware IRC log for Thursday, 2014-07-31

mthwolfspraul: projects.qi-hardware.com has a new ssh host key, is that an expected result of the maintenance?20:24
mthThe fingerprint for the RSA key sent by the remote host is20:24
mth39:1e:bd:04:bb:c5:36:05:5c:b0:3d:08:10:0d:93:2a.20:24
ysionnea1I think he said he was going to migrate on a new machine21:35
ysionnea1so I guess it's normal the key changed21:35
ysionnea116:08 < wolfspraul> wpwrak: I'm setting up a new machine21:35
mthyes, but I want to check if that is indeed the case and not a well-timed attack21:56
DocScrutinizer05which sort of attack do you expect?22:08
DocScrutinizer05did you exchange fingerprint of previous RSA key with wolfspraul in a secure channel?22:09
whitequarkit's a good assumption to make that no one MITM's *all* SSH traffic *all* the time22:09
wolfspraulmth: yes new host key - I didn't copy over the old one22:11
DocScrutinizer05nobody ever does ;-)22:14
DocScrutinizer05the server key is the machine's boiler plate22:14
wolfsprauland I think this would also trigger a warning, but this time that the IP address changed22:15
wolfspraulso warning-wise it's roughly the same22:15
DocScrutinizer05oooh the IP changed? then it would be pretty silly to copy the key, eh?22:15
wolfspraulwhy not, depends on what the goal is22:15
wolfspraulanyway I did not copy it over22:15
DocScrutinizer05yeah22:16
wolfspraulnew machine, new IP, new host key22:16
DocScrutinizer05usually you get IP/key tuples, e.g. in known-hosts22:16
DocScrutinizer05changing IP and keeping the key is basically meaningless22:16
whitequarkknown-hosts lists both hostname and IP22:16
whitequarkand I would argue that a machine is tied to hostname, not IP22:17
DocScrutinizer05hmmm22:17
DocScrutinizer05isn't the key meant to defeat e.g. DNS-spoofing22:17
DocScrutinizer05well, whatever. Nobody ever copies the key22:18
DocScrutinizer05;-)22:18
whitequarksure, it works to defeat DNS spoofing22:18
DocScrutinizer05real fun: http://privatepaste.com/f5b8b39849  trying to get a reservation mail past SPAM blocker: Mail delivery failed: returning message to sender  "info@hotelmardefrente.com": domain has no valid mail exchangers22:21
DocScrutinizer05Por favor realize su reserva llamando al teléfono 956 437025 o por correo electrónico info@hotelmardefrente.com22:25
DocScrutinizer05suuuure22:25
DocScrutinizer05no surprise they need a spam blocker fortified like fort knox22:26
DocScrutinizer05stuff gets annoying when you want to sleep there in 4 days22:26
DocScrutinizer05wolfspraul: do you still reside in China?22:34
DocScrutinizer05contracting you as escrow/proxy might be cheaper than flying there from Germany22:37
--- Fri Aug 1 201400:00

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!