Re: Security warning: Where should I look for?

To: Debian Users List <debian-user@lists.debian.org>
Cc: Antonio Rodriguez <arodriguez31@cfl.rr.com>
Subject: Re: Security warning: Where should I look for?
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 23 Feb 2004 00:51:31 +0000
Message-id: <[🔎] 20040223005131.GD4109@riva.ucam.org>
Mail-followup-to: Debian Users List <debian-user@lists.debian.org>, Antonio Rodriguez <arodriguez31@cfl.rr.com>
In-reply-to: <[🔎] 20040223003834.GA26411@hpd.the-sphere.org>
References: <[🔎] 20040223003834.GA26411@hpd.the-sphere.org>

On Sun, Feb 22, 2004 at 07:38:34PM -0500, Antonio Rodriguez wrote:
> I just received a strong warning:
> 
> tony@hpd:~$ scp p173* root@remote.ip.here:/pathto/
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 24:40:94:e0:81:b9:af:62:dd:70:84:47:10:d1:c3:c0.
> Please contact your system administrator.

Do what it says, then: verify out-of-band that the new RSA key quoted
there is the one it should be, by contacting the remote system
administrator using some other means. The sysadmin can use 'ssh-keygen
-l -f /etc/ssh/ssh_host_rsa_key.pub' to display the fingerprint.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Security warning: Where should I look for?
  - From: Antonio Rodriguez <arodriguez31@cfl.rr.com>

Prev by Date: Apple's mouse (was: Re: dcgui problems)
Next by Date: Re: sig dashes munged at master.d.o or Mutt issue?
Previous by thread: Security warning: Where should I look for?
Next by thread: Re: Security warning: Where should I look for?
Index(es):
- Date
- Thread