[lug] ssh warning

Greg Horne jeerygh at hotmail.com
Mon Sep 17 10:30:24 MDT 2001


Don't delete it (~/.ssh/known_hosts) untill you know if the admin has 
upgraded or changed something!  If you do, and the cpu you are connecting to 
has been hacked, or you are the victim of a man in the middle attack then 
ssh is worthless.  Everything you do could be logged.  Ahhhhh!  Contact the 
administrator.

Greg


>From: dan radom <dradom at redback.com>
>Reply-To: lug at lug.boulder.co.us
>To: lug at lug.boulder.co.us
>Subject: Re: [lug] ssh warning
>Date: Mon, 17 Sep 2001 08:51:06 -0600
>
>delete the entry in ~/.ssk/known_hosts (or known_hosts2) for that host.  
>this means that the public key on the host you're connecting to has 
>changed.
>
>dan
>
>* Glenn Murray (gmurray at Mines.EDU) wrote:
> > Hi,
> >
> > When I tried to ssh to my cvs server this morning I was told:
> >
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now (man-in-the-middle 
>attack)!
> > It is also possible that the RSA host key has just been changed.
> > Please contact your system administrator.
> > Add correct host key in /home/glenn/.ssh/known_hosts to get rid of this 
>message.
> >
> > I am not the administrator on the server and I am not sure what to do.
> > Does this mean that the administrators on the server changed
> > something?  Does it mean I have been hacked?  Who is responsible for
> > the RSA host key?
>_______________________________________________
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




More information about the LUG mailing list