remote host identification has changed
dudes,
i received a message today from one of my users, who was logging in to
one of our servers from a remote internet cafe (which she used for the
first time), that:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
that's bad, but i couldn't reproduce it from five other remote
systems. tripwire has not reported anything pertaining to a changed
keyset in /etc/ssh, nor do i have a reboot registered or otherwise
suspicious logins.
is this possible? what's going on? does this really mean that there was
a man-in-the-middle attack?
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
--
"gilmour's guitar sounds good
whether you've got a bottle of cider in your hand
or a keyboard and a mouse."
-- prof. bruce maxwell
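
Added example, not part of the original post: one way to triage the warning described above is to compare three copies of the same host key type and see which one disagrees. The inputs are assumed to be the server's public host key line from /etc/ssh, the matching known_hosts line from the affected client, and the line ssh-keyscan reports from that client's network; the key material, server.example.org and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample_key(seed: bytes) -> str:
    """Constructed, well-formed but fake 'ssh-rsa' key line for the demo."""
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00" + hashlib.sha512(seed).digest()))
    return "ssh-rsa " + base64.b64encode(blob).decode()

def parse_key(line: str):
    """Return (type, blob) from a .pub, known_hosts or ssh-keyscan line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key blob does not match declared type")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form current OpenSSH clients print."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def triage(server_pub: str, client_entry: str, offered: str) -> str:
    """Compare three keys of one type and say which side disagrees."""
    server, stored, seen = map(parse_key, (server_pub, client_entry, offered))
    if len({server[0], stored[0], seen[0]}) != 1:
        raise ValueError("compare keys of the same type")
    if seen[1] != server[1]:
        return "OFFERED_KEY_IS_NOT_SERVER_KEY"     # investigate the network path
    if stored[1] != server[1]:
        return "CLIENT_KNOWN_HOSTS_ENTRY_DIFFERS"  # stale or wrong entry on that client
    return "ALL_MATCH"

if __name__ == "__main__":
    real = make_sample_key(b"server")  # stands in for the key file under /etc/ssh
    old = "server.example.org " + make_sample_key(b"old")  # constructed client entry
    print(fingerprint(parse_key(real)[1]))
    print(triage(real, old, "server.example.org " + real))
```
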