Savannah Hackers, The two systems vcs and download are routinely accessed by Savannah users over ssh. We are getting close to being able to switch over to the new vcs0 and download0 machines. Which brings this question of plan.
Option 1: Do we use the previous 1024 bit SSH rsa host keys on the new system? If we do then users will not see any host fingerprint changes and can transparently keep using, for example, git.sv.gnu.org and never notice the difference. Option 2: Do we use the new 2048 bit SSH rsa host keys freshly generated on the new vcs0 and download0 servers? If we do then every ssh user will get the host changed warning message and need to update their known_hosts file for this change. Option 3: Do we use the old keys now through the transition but switch to the new host keys soon after completing the migration? Soon being 1-2 weeks. This would keep the immediate disruption minimized. It would allow us to back out of the switch, briefly return to the previous hosts if problems were found, without thrashing users. I have a mixed reaction. Part of me wants to jump immediately to the longer key. The older keys definitely need to be migrated away. This would advertise very loudly to all users that things have changed. We have put in a lot of effort and it will be nice to sing a little about it. But from a risk mitigation point I want to use the old keys just long enough for us to switch to the new just in case we need to switch back for a bit. That would actually allow us to ping-pong if needed without user thrash. Then switch the host keys after we know we are successfully there. Therefore I think we should execute option #3 above. Assaf, Karl, What do you guys think? Comments? Bob
