Re: ssh warning about man in middle attack

From:
Date: 09/09/02

Next message: : "Re: rsh/remsh port restrictions between 514 to 1023"
Previous message: Juha Laiho: "Re: rsh/remsh port restrictions between 514 to 1023"
In reply to: Bill Unruh: "Re: ssh warning about man in middle attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 09 Sep 2002 15:11:46 -0400

Sorry to revive an old thread -- I was away for a while, and I'm
working through the backlog.

>>>>> "Bill" == Bill Unruh <unruh@string.physics.ubc.ca> writes:

Bill> "ABN" <n@niworld.com> writes:
>> Hi everyone,

Bill> ]I went to connect to a machine using ssh to check on email, and
Bill> for the ]first time, I got the following message:

>> ---------------------------------------
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> @ WARNING: HOST IDENTIFICATION HAS CHANGED! @
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>> Someone could be eavesdropping on you right now (man-in-the-middle
>> attack)!
>> It is also possible that the host key has just been changed.
>> Please contact your system administrator.
>> ----------------------------------------

Bill> ]Questions for us include,

Bill> ]1> How did this problem arise?

Bill> They probably reinstalled or updated ssh and that update reran the
Bill> ssh-keygen for that machine. Ie, its ssh public key was changed
Bill> for some reason.

A few posts have said this, but you should *never* assume this to be the
case. Check with your system administrator first. If anything has
changed, he/she would be able to tell you for sure. (And if he/she
doesn't understand what's going on he/she should be fired.)

Really, the warning message basically tells you exactly what you need to
know: contact your system administrator.

-- Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.

application/pgp-signature attachment: stored

Next message: : "Re: rsh/remsh port restrictions between 514 to 1023"
Previous message: Juha Laiho: "Re: rsh/remsh port restrictions between 514 to 1023"
In reply to: Bill Unruh: "Re: ssh warning about man in middle attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SSH question
... control area. ... in /usr/local/etc/authorized_keys file and that enabled that user to ssh ... That way when bill ssh from host to hosta as jim, ...
(SSH)
Re: installing ssh after freebsd has been installed?
... Thanks, Bill and Matthew, your suggestions did the trick. ... i used sysinstall. ... check ssh in the networking section. ...
(freebsd-questions)
Re: ssh warning about man in middle attack
... Bill> for the]first time, ... Bill> They probably reinstalled or updated ssh and that update reran the ... Check with your system administrator first. ...
(comp.os.linux.security)
Re: Which version of SSH?
... The application owner wants to run sftp, so I said OK, no problem. ... I couldn't get it working until the firewall administrator allowed SSH ... It's not a matter of port, but as Bill G pointed out, a firewall ...
(comp.os.vms)
Re: key or password based on IP
... > Bill> password) for all others, e.g. internet ... > Bill> Does anybody know how to do this? ... > Not until you tell us what SSH server you're using. ...
(comp.security.ssh)