LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Ssh Compromised! (http://www.linuxquestions.org/questions/linux-general-1/ssh-compromised-19675/)

Savedadogs 04-28-2002 04:19 PM

Ssh Compromised!
 
Please someone help me I am a newbie. I had setup the ssh daemon on my RedHat Linux 7.2 server last week. I used openssh. I created the keys and was able to login to my server through my lan:

ssh 192.168.1.05.

Here is what happens now when I try to ssh:

[root@localhost root]# ssh 192.168.1.105
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 192.168.1.105 has changed and you have requested strict checking.
Host key verification failed.


WHAT IS GOING ON??? Has someone compromised my machine. I was also able to ssh from the outside world to my machine last week. I have a dynamic IP. All incoming ssh conenctions (port 22) are forwarded to 192.168.1.105, my linux server. Please HELP!

trickykid 04-28-2002 04:29 PM

Please do not double post. http://www.linuxquestions.org/questi...threadid=19674


All times are GMT -5. The time now is 05:09 PM.