Re: remote host identification has changed

To: marTin <madduck@madduck.net>
Cc: debian users <debian-user@lists.debian.org>
Subject: Re: remote host identification has changed
From: Emil Pedersen <emilp@update.uu.se>
Date: Mon, 24 Sep 2001 13:54:12 +0200
Message-id: <[🔎] 3BAF1EE4.F79624DA@update.uu.se>
References: <[🔎] 20010924123739.A2812@fishbowl.madduck.net>

marTin wrote:
> 
> dudes,
> i received a message today from one of my users, who, logging in to
> one of our servers from a remote internet cafe (which she used for the
> first time) that:
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
> attack)!
> It is also possible that the host key has just been changed.
> Please contact your system administrator.
> 

Doesn't this indicate that someone have been using the internet cafe for
connecting to you before?  I think otherwise she should have got a "...
host key unknow, do you realy want to proceed..." (something).

Is it possible that someone have been connected from the cafe (long ago
before tripwire indexed) and you since them changed you host key?

(Note, I'm far from expert on ssX/security issues.)

// Emil

Reply to:

Follow-Ups:
- Re: remote host identification has changed
  - From: Martin F Krafft <madduck@madduck.net>

References:
- remote host identification has changed
  - From: marTin <madduck@madduck.net>

Prev by Date: remote host identification has changed
Next by Date: Re: remote host identification has changed
Previous by thread: remote host identification has changed
Next by thread: Re: remote host identification has changed
Index(es):
- Date
- Thread