LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-15-2007, 06:38 AM   #1
laucian
Member
 
Registered: Oct 2005
Distribution: Ubuntu 9.04
Posts: 124
Blog Entries: 2

Rep: Reputation: 15
Help with SSH attack..DNS Spoofing


Quote:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for Computer-NAME has changed,
and the key for the according IP address 129.206.xxx.xxx
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
41:08:1f:00:c3:fc:e4:55:77:a1:a4:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/USERNAME/.ssh/known_hosts to get rid of this message.
Offending key in /home/USERNAME/.ssh/known_hosts:3
RSA host key for Computer-Name has changed and you have requested strict checking.
Host key verification failed.

hi everybody..
i am having a problem with ssh..
what does this mean..how can i secure my system..?
 
Old 10-15-2007, 07:17 AM   #2
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,261

Rep: Reputation: 297Reputation: 297Reputation: 297
Hi

When you install ssh on a server, a host key is created. The message you get is telling you that this key has changed. Usually this happens when someone does a reinstall of the server. It could also be that there is something happening, like DNS spoofing.

The computer (operating system) you reach when you do a "ssh Computer-NAME" is not the same as last time you connected with ssh. If you know the reason (like if there has been a reinstall), delete line 3 in the file "/home/USERNAME/.ssh/known_hosts", and try again. If not, I would contact the administrator of that server and ask what's going on.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Punishing users for SSH attack _kure_ Linux - Security 8 08-17-2007 12:36 AM
Dos Attack on SSH Tunnel SPEEDEX Linux - Networking 3 04-08-2007 12:58 PM
DNS Attack inaki Linux - Security 1 09-14-2006 08:12 AM
Is there any benefit to spoofing SSH version string, and how do I do that? Steve Cronje Linux - Security 2 01-19-2005 06:17 PM
DNS Query Attack?? Manuel-H Linux - General 0 04-06-2003 10:00 PM


All times are GMT -5. The time now is 02:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration