LinuxQuestions.org
Old 05-14-2008, 08:30 AM   #1
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Rep: Reputation: 16
A problem with ssh connection


I have a computer running Linux at my home. Of course, I am the administrator.

I often use ssh to connect to it when I am in my office every day. No problems have arisen for a very long time (about a year).

But today when I tried to connect to my system, it gave me the following warning,
Quote:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
----------------------------------- (I hide my RSA fingerprint here.)
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending key in ~/.ssh/known_hosts:21
RSA host key for [(my IP)]: (my port) has changed and you have requested strict checking.
Host key verification failed.
Since I myself am the system administrator, I definitely know that I did not change anything in my Linux system running the sshd.

So, is there really such a possibility of me being attacked by a "man in the middle"? Are there any chances that my system changed its RSA host key by itself? And what should I do now?

I need to connect to my system every day. Please help!
 
Old 05-14-2008, 09:30 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,117

Rep: Reputation: 2455
If your office PC has changed (new NIC? IP Address?), or your network admin has changed the NAT'ted address of what's going to the outside world (i.e., the internet, back to your house), the SSH info is going to have changed. Network-related things, such as IP and MAC addresses, are going to relate to your SSH key. Anything changes, and it'll give you this message.

Go onto your linux box at home, and edit your $HOME/.ssh/known_hosts, and remove the IP address that's related to your work PC. You should be able to connect then. Of course, you SHOULD check your system, and make sure that no one else has logged in and done something....
 
Old 05-14-2008, 09:49 PM   #3
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Original Poster
Rep: Reputation: 16
This morning, I also tried to connect to my Linux system at home from my friend's home computer. And I got the same warning! I am very sure that I succeeded in connecting to my computer from my friend's home without this warning not more than 2 weeks ago. So does this mean that the problem is not associated with my office network, but with my home Linux box instead? And what else should I check? I am worried about the "man-in-the-middle attack".
 
Old 05-15-2008, 01:01 PM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,117

Rep: Reputation: 2455
Quote:
Originally Posted by lawrence_lee_lee
This morning, I also tried to connect to my Linux system at home from my friend's home computer. And I got the same warning! I am very sure that I succeeded in connecting to my computer from my friend's home without this warning not more than 2 weeks ago. So does this mean that the problem is not associated with my office network, but with my home Linux box instead? And what else should I check? I am worried about the "man-in-the-middle attack".
Like I said, if ANYTHING changes from a network standpoint, you'll get this message. Did anything change on your Linux box? New DHCP address? Power failure at home lately, causing your router to come up with a different external IP?
 
Old 05-15-2008, 11:45 PM   #5
lawrence_lee_lee
Member
 
Registered: May 2007
Posts: 141

Original Poster
Rep: Reputation: 16
I don't know what a DHCP address is. But as for the external IP, that certainly remains unchanged.

By the way, how can I check out what you've said? What command to use?
 
Old 05-16-2008, 08:14 AM   #6
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,117

Rep: Reputation: 2455
Quote:
Originally Posted by lawrence_lee_lee
I don't know what a DHCP address is. But as for the external IP, that certainly remains unchanged.

By the way, how can I check out what you've said? What command to use?
If you've got a home network, your internal stuff probably is using DHCP. That means that when you power up a device, it'll go out and query the DHCP server (in this case, your home router), and get an address. Sometimes it'll get the same one...sometimes not. DHCP is Dynamic Host Configuration Protocol, with Dynamic being the operative word. If you assign static addresses, you can sidestep that issue, but have to know how to configure such things.

If you want to check addresses and such, look at the man page for ifconfig. In your case, I'd just suggest going on to your Linux box, and removing the entries in the $HOME/.ssh/known_hosts file, and letting your external connections rebuild. You might also have to do that on your remote systems too, such as your work PC. Until you find out what caused your network changes, be prepared to do this again, next time something changes.
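
An added example, not part of any post in this thread: one way to settle the question raised by the warning is to read the host public key at the server's own console (OpenSSH keeps it in /etc/ssh/ssh_host_rsa_key.pub) and compare its fingerprint with the one the warning printed and with the key stored on the offending known_hosts line. The function names, the sample address and the key blobs below are constructed for illustration and are not real host keys.

```python
import base64
import hashlib

def fingerprints(key_b64):
    """Fingerprints of a base64 public-key blob: (MD5 hex pairs, SHA256 base64)."""
    blob = base64.b64decode(key_b64)
    hexd = hashlib.md5(blob).hexdigest()
    md5 = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def assess(known_hosts_text, offending_line, server_pub_line, offered_fp):
    """Classify the warning using the key read at the server's own console.

    offending_line is the number after "known_hosts:" in the warning;
    offered_fp is the fingerprint the warning printed (MD5 or SHA256 form).
    """
    stored = known_hosts_text.splitlines()[offending_line - 1].split()
    if stored[0].startswith("@"):          # @cert-authority / @revoked marker
        stored = stored[1:]
    stored_fps = fingerprints(stored[2])   # known_hosts: hosts keytype key
    actual_fps = fingerprints(server_pub_line.split()[1])  # .pub: keytype key
    if offered_fp.startswith("MD5:"):
        offered_fp = offered_fp[4:]
    if offered_fp in actual_fps:
        # The client really reached the server; only the saved entry is old.
        return "stale-entry"
    if stored_fps == actual_fps:
        # The server still has the saved key, so something else answered.
        return "wrong-endpoint"
    return "unknown-key"

# Constructed sample data: placeholder blobs, not real host keys.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
NEW_KEY = base64.b64encode(b"constructed new host key").decode()
ROGUE_KEY = base64.b64encode(b"constructed unrelated key").decode()
KNOWN_HOSTS = "[203.0.113.10]:2222 ssh-rsa " + OLD_KEY + "\n"
SERVER_PUB = "ssh-rsa " + NEW_KEY + " root@home"

if __name__ == "__main__":
    offered = fingerprints(NEW_KEY)[1]
    print(assess(KNOWN_HOSTS, 1, SERVER_PUB, offered))
```

Only the "stale-entry" result justifies replacing the saved key, which `ssh-keygen -R '[host]:port'` does for a single host without touching the other entries.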
 
  

