Re: ssh warning about man in middle attack

From: Ian Scott (ian@pairowoodies.com)
Date: 09/24/02


From: Ian Scott <ian@pairowoodies.com>
Date: Mon, 23 Sep 2002 20:42:33 -0400

On Sat, 21 Sep 2002 22:21:08 -0400, Ident wrote:

> Paul wrote:
>
>> "ABN" <n@niworld.com> wrote in message
>> news:9uhb9.5373$z21.1265237@news20.bellglobal.com...
>> > Hi everyone,
>> >
>> > I went to connect to a machine using ssh to check on email, and for
>> > the first time, I got the following message:
>> >
>> > ---------------------------------------
>> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> > @ WARNING: HOST IDENTIFICATION HAS CHANGED! @
>> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>> > Someone could be eavesdropping on you right now (man-in-the-middle attack)!
>> > It is also possible that the host key has just been changed.
>> > Please contact your system administrator.
>> > ----------------------------------------
>>
>> It is also possible that the O/S on the machine you are connecting to
>> has been reinstalled. I have seen this before when the target machine
>> has reformatted/reinstalled after some other problem. Perhaps the
>> system admin at that site could shed some light on the subject.
>>
>> PD
>
> Hope you can read up on The Man In The Middle. This is probably the
> meanest thing a malicious hacker can do IMO. Tracker
 
There are a number of things that could have happened. First of all, is
this machine that you are trying to SSH to, yours?

If it's not yours, is it possible:

1. The administrator has installed a new server with the same IP number?

2. The administrator generated a new host key?

If the server belongs to you, and you know you have not done either #1 or
#2, then start worrying a little bit.

However, if you are not the server administrator, find out if either #1
or #2 is correct.

Then, once you are satisfied, simply edit your /.ssh/known_hosts file on
the machine that you are ssh'ing from, removing the IP and host key of the
server that you are trying to connect to.
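
The order of operations in the reply above (confirm the key change with the administrator, then replace the stale known_hosts entry), as an added example that is not part of the original post. It goes beyond the post by checking a SHA256 fingerprint in the format current OpenSSH prints and by matching hashed host fields; the host names, address and key blobs are constructed, and the function names are hypothetical.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint as current OpenSSH prints it: hash of the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(field, names):
    """True if a known_hosts host field names any of `names`.
    Handles comma lists and hashed (|1|salt|hmac) fields; wildcard
    patterns and [host]:port forms are not handled here."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        key = base64.b64decode(salt)
        return any(hmac.compare_digest(
            hmac.new(key, n.encode(), hashlib.sha1).digest(),
            base64.b64decode(mac)) for n in names)
    return any(n in field.split(",") for n in names)

def replace_host_key(known_hosts, names, offered, admin_fp):
    """Drop every entry for `names` and add `offered` ("type base64key"),
    but only if its fingerprint equals the one the administrator gave."""
    keytype, key_b64 = offered.split()[:2]
    if not hmac.compare_digest(fingerprint(key_b64), admin_fp):
        raise ValueError("offered key does not match administrator's fingerprint")
    # Keep comments, malformed lines and entries for other hosts untouched.
    kept = [l for l in known_hosts.splitlines()
            if l.startswith("#") or len(l.split()) < 3
            or not names_host(l.split()[0], names)]
    kept.append(f"{','.join(names)} {keytype} {key_b64}")
    return "\n".join(kept) + "\n"

# Constructed sample data: the blobs are placeholders, not real keys.
OLD = base64.b64encode(b"constructed old host key").decode()
NEW = base64.b64encode(b"constructed new host key").decode()
KNOWN_HOSTS = (f"mail.example.org,192.0.2.10 ssh-rsa {OLD}\n"
               f"other.example.org ssh-rsa {OLD}\n")

if __name__ == "__main__":
    names = ["mail.example.org", "192.0.2.10"]
    admin_fp = fingerprint(NEW)  # stands in for the value the admin reads to you
    print(replace_host_key(KNOWN_HOSTS, names, f"ssh-rsa {NEW}", admin_fp))
```

If the fingerprint the server offers differs from the one obtained from the administrator, the function raises and the existing file content is left as it was.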


