Re: Security warning: Where should I look for?
On Mon, Feb 23, 2004 at 07:55:25PM +0000, Pigeon wrote:
> On Mon, Feb 23, 2004 at 02:19:21AM +0100, Miroslav Maiksnar wrote:
> > Dne po 23. ?nora 2004 01:38 Antonio Rodriguez napsal(a):
> > > I just received a strong warning:
> > >
> > > tony@hpd:~$ scp p173* root@remote.ip.here:/pathto/
> > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > > Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> > > It is also possible that the RSA host key has just been changed.
> > > The fingerprint for the RSA key sent by the remote host is
> > > 24:40:94:e0:81:b9:af:62:dd:70:84:47:10:d1:c3:c0.
> > > Please contact your system administrator.
> > > Add correct host key in /home/tony/.ssh/known_hosts to get rid of this
> > > message. Offending key in /home/tony/.ssh/known_hosts:2
> > > RSA host key for local.ip.here has changed and you have requested strict
> > > checking. Host key verification failed.
> > > lost connection
> > > tony@hpd:~$
> > >
> > > Thanks to all.
> >
> > Also if remote server gets reinstalled and lazy admin doesn't use backuped RSA
> > keys, new ones is generated and every poor ssh user gets this message ;o(
>
> You also get it if the remote host's local hostname has changed.
Well, none of these two was the case. The localhost in the remote
machine didn't change, not the ssh server was reinstalled. The only
change that I am aware of is a modification in the php4.ini of the web
server in the remote machine. I can trust this to be accurate since I
administer the remote machine two.
Ugly, eh?
Reply to: