
Re: man in the middle attack ?



Dr Beco:
> 
> Today I registered a lot of students in the class, and 4 hours later I
> was at home and got a message that one of them could not log in.

Log in where? Is this system administered by you?

> So I tried and got this message:
> 
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.

Read this message; it explains exactly what might have happened. Did you
change the host key? Does the DNS name (on the connecting client!) still
point to the correct system? Which host key do you get when you connect?

> Can I log in with my account remotely to see the problem, or should I
> better log in locally?

If you suspect that the system has been tampered with, do not enter any
passwords on this system before taking it offline. If you can log in
using a public key, you can use that safely.

If you do not know why the host key changed, reinstall the system from
scratch or restore from a "good" backup. If you want to try forensics,
keep the old disk and install on a new one.

J.
-- 
Whenever I hear the word 'art' I reach for my visa card.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
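
Added example (not part of the original message): one way to answer "which host key do you get when you connect?" is to compare the fingerprint of the key the server offers with the one the client recorded in known_hosts. The host names, salt and ssh-rsa blobs below are constructed, the function names are hypothetical, and host patterns are matched literally.

```python
import base64, hashlib, hmac, struct

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form ssh prints: 'SHA256:' + unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: hashed (|1|salt|mac) or a plain list.
    Simplification: wildcards, negation and [host]:port are not handled."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(calc.digest(), base64.b64decode(mac))
    return host in field.split(",")

def recorded_keys(known_hosts, host):
    """Return {key type: fingerprint} the client has recorded for host."""
    found = {}
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host):
            found[fields[1]] = fingerprint(fields[2])
    return found

def check_offered(known_hosts, host, keytype, offered_b64):
    """'match', 'CHANGED' (the case behind the warning) or 'unknown'."""
    known = recorded_keys(known_hosts, host)
    if keytype not in known:
        return "unknown"
    return "match" if known[keytype] == fingerprint(offered_b64) else "CHANGED"

def make_key(seed):
    """Constructed ssh-rsa blob for the demo; not a usable key."""
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes([seed]) * 256)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(blob).decode()

# Constructed sample data: hostnames, salt and keys are made up.
OLD, NEW = make_key(1), make_key(2)
SALT = b"constructed-salt-20b"
MAC = hmac.new(SALT, b"lab.example.org", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(MAC).decode())
KNOWN_HOSTS = ("# constructed known_hosts\n"
               "class.example.org,192.0.2.10 ssh-rsa %s\n"
               "%s ssh-rsa %s\n" % (OLD, HASHED, OLD))
```

A "CHANGED" result is only explained once the offered fingerprint has been compared with the one `ssh-keygen -lf` prints for the host public key file, read on the server's console rather than over the suspect connection.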
