[lug] ssh warning

[Tkil]

>>>>> "Glenn" == Glenn Murray <gmurray at Mines.EDU> writes:

Glenn> When I tried to ssh to my cvs server this morning I was told:

| @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
| @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
| @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
| IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
| Someone could be eavesdropping on you right now (man-in-the-middle attack)!
| It is also possible that the RSA host key has just been changed.
| Please contact your system administrator.
| Add correct host key in /home/glenn/.ssh/known_hosts to get rid of this message.

Glenn> Does this mean that the administrators on the server changed
Glenn> something?  Does it mean I have been hacked?  Who is
Glenn> responsible for the RSA host key?

i've encountered this most often when the machine i'm connecting to
has its IP address changed, since that's a part of the key.  (or, at
least, it's a part of the identification.)

if an ip address renumbering is why the identification changed, then
it should be fairly harmless to change the address within your
known_hosts file.  as someone else has already pointed out, however,
the highest-security method is to get the key directly from the
machine administrator using whatever method you trust to guarantee
that it's really that person giving it to you (e.g., meeting them in
person and grabbing a flopy or whatever).

t.