LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-19-2010, 11:20 PM   #1
pjd83
LQ Newbie
 
Registered: Feb 2010
Posts: 2

Rep: Reputation: 0
Single LAN port inexplicably changes RSA host key...


I am running several servers with multiple LAN ports.

Two of the machines can communicate via two separate subnets to control bandwidth issues.

Machine 1: 10.0.0.1 (w/ additional alias 12.0.0.1)
192.168.1.1
Machine 2: 10.0.0.2
192.168.1.2

I see three separate intermittent symptoms on the 10.0.0.0 network.
1) Both machines will cut off in the middle of the data transfer (rsync) if it takes too long.
2) Both machines will claim that the RSA key host has changed on the other...this will happen every few minutes.
3) Both machines will, at times, disallow login from the other...ssh prompts for password but will not accept the password.

Performing any operation between the same machines via the 192.168.1.0 subnet has no issue (as of yet).

From what I can see, the routing tables are set correctly. Machines were exact clones of each other. Machine 2 is a recently rebuilt machine with a fresh suse11 distro install. Symptoms on Machine 2 appeared immediately. I had this exact setup but reversed ip addresses before Machine 2 burned out without issue. All networks but the 12.0.0.1 are internal and there hasn't been any indication of attack.

At times, running ssh-keygen -R <ipaddress> will fix issues 1-3, other times only 1-2.

Thanks for any help,
Paul

Last edited by pjd83; 02-20-2010 at 08:29 AM.
 
Old 02-20-2010, 11:53 AM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
Are you confident about the security of your network? It almost sounds like what you might see during a poorly implemented MITM attack. It could be a stretch, but you might want to check your ARP tables to make sure nothing odd is going on there.
 
Old 02-20-2010, 04:57 PM   #3
pjd83
LQ Newbie
 
Registered: Feb 2010
Posts: 2

Original Poster
Rep: Reputation: 0
I don't see anything abnormal in the arp list...every ip address/hostname is accounted for.

If this is a MITM attack, what would I need to do? Would a MITM attack account for my inability to login via the ethernet device?

At least a temp fix, I switched the relevant ip address onto a different subnet. So far so good.

Thanks.

Last edited by pjd83; 02-20-2010 at 05:26 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
can't start sshd. Error is "Generating SSH1 RSA host key [FAILED] ryannlinux Linux - Newbie 9 03-20-2009 03:42 AM
A question about rsa host key fingerprints lawrence_lee_lee Linux - Software 8 07-17-2008 09:58 PM
Manually add single UPNP port forward to my LAN IP via router (no access to config) mrbryan Linux - Networking 0 04-15-2008 09:57 AM
RSA host key for 172.17.5.60 has changed ssharma_02 Red Hat 3 11-15-2006 09:55 AM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 07:25 AM


All times are GMT -5. The time now is 11:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration