remote host identification has changed

To: debian users <debian-user@lists.debian.org>
Subject: remote host identification has changed
From: marTin <madduck@madduck.net>
Date: Mon, 24 Sep 2001 12:37:39 +0200
Message-id: <[🔎] 20010924123739.A2812@fishbowl.madduck.net>
Mail-followup-to: marTin <madduck@madduck.net>, debian users <debian-user@lists.debian.org>

dudes,
i received a message today from one of my users, who, logging in to
one of our servers from a remote internet cafe (which she used for the
first time) that:



@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.



that's bad, but i couldn't reproduce it from five other remote
systems. tripwire has not reported anything pertaining to a changed
keyset in /etc/ssh, nor do i have a reboot registered or otherwise
suspicious logins.

is this possible? what's going on? does this really man that there was
a man-in-the-middle attack?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
-- 
"gilmour's guitar sounds good
 whether you've got a bottle of cider in your hand
 or a keyboard and a mouse."
                                                -- prof. bruce maxwell

Reply to:

Follow-Ups:
- Re: remote host identification has changed
  - From: Emil Pedersen <emilp@update.uu.se>
- Re: remote host identification has changed
  - From: Sam Varghese <sam@gnubies.com>

Prev by Date: nfs mounting problems
Next by Date: Re: remote host identification has changed
Previous by thread: RE: nfs mounting problems
Next by thread: Re: remote host identification has changed
Index(es):
- Date
- Thread