is ssh key changed itself?

From: Murat Dagdelen (rafet.dagdelen@verizon.net)
Date: 04/16/02


From: Murat Dagdelen <rafet.dagdelen@verizon.net>
Date: Tue, 16 Apr 2002 00:41:09 GMT

HI,

   I have openssh 3.1 installed on a redhat server. And also I have
Bastille-linux firewall installed on it and allowed only
7,21,22,80,81,443,444 ports. Anyways, that computer gets alot of scans
and attacks daily. I got a very difficult guessable root pasword and
noone else other than me knows about it.I only connect to that box from
my job desktop and my laptop.

   Yesterday, While I was connecting from my laptops linux partition to
that server from my home dsl connection, I got a warning that ssh key
changed. It is connecting with rsa host key of the server. According to
the warning I did not accept it and I did not logon. Anyways, I know
myself I did not change the key. But the thing is I enabled the sftp. So
I was suspected about a eavesdropping by someone I cut the connection.
Today I went to office and I phisically hooked up a monitor and a
keybord to the computer. I firstly checked the key and compared with the
one that I got at WARNING message. It was the same. I have checked the
/etc/ directory with fcheck, there was not a modification done on the
ssh files. checked the computer with chkrootkit, and nothing found.

    I am still suspencting from a eavesdropping but, I saw the key that
giving me a warning in the box itself. Now I am thinking:

   1. Does ssh program changes the keys in a range of times?
   2. If so, how do I manage it?
   3. Can the key get changed when I did enable the sftp?

 Thanks for advices..

Murat Dagdelen



Relevant Pages

  • Re: SSH Connects for me only sporadically.
    ... Now the server is behind a wireless router, ... port has a non standard external port number. ... ssh, and I get the same results. ... Connecting with ssh on the local lan at home works fine every time. ...
    (comp.security.ssh)
  • Re: OpenSSH MacOSX bug? (invalid name was supplied)
    ... I've had some luck downgrading to ssh version 1 (i.e. use ... connecting to either debian or Ubuntu OpenSSH server... ... Server Version: ... hosts, but any hosts on my local LAN ...
    (SSH)
  • Re: Q: paramiko/SSH/ how to get a remote host_key
    ... I am connecting from a WindowsXP SP2 machine. ... SSH client, if you connect for the first time then you get somethign ... host_key the first time it connects to a remote SSH server. ...
    (comp.lang.python)
  • Re: sshd broke after I change IP subnet address on server
    ... I was connecting ... >> with ssh until I changed the address to a different subnet. ... >> and the server on a switch with both configured on same subnet. ...
    (comp.os.linux.setup)
  • dsa and rsa key changed?
    ... I have openssh 3.1 installed on a redhat server. ... It is connecting with rsa host key of the server. ... the warning I did not accept it and I did not logon. ... ssh files. ...
    (comp.security.ssh)