Quote:
Originally Posted by homer_3
I'm not sure if this is the best forum to ask this in, but does anyone know what causes a host key to change? This seems to keep periodically happening on a LAN of mine.
I can only think of two ways for this to happen.
A sysadmin who doesn't understand SSH might upgrade a system without preserving the SSH host keys (and new ones will be generated by the new operating system install) or an incompetent sysadmin might delete or move host keys by accident. They are in /etc/ssh usually and need to have correct protections and ownership.
A malicious computer criminal might change the host keys so that man-in-the-middle attacks can be performed without anyone noticing. Your only protection against MitM is reliable, unchanging host keys. If your end users become accustomed to ignoring host key change warning messages, it opens up your whole infrastructure to MitM attacks.
Either way, you need to track this down. Host keys should be built strong (make them bigger than you need) and should never change without prior notification.
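One way to track this down, as an added example that is not part of the original post: record the fingerprints of a host's public host keys once, then compare later snapshots against that baseline so any change is reported. The function names and the sample key are constructed for illustration; the `ssh_host_*_key.pub` pattern assumes OpenSSH's default file names under /etc/ssh.

```python
import base64
import glob
import hashlib
import struct

def fingerprint(pubkey_line):
    """Return (key_type, 'SHA256:...') as `ssh-keygen -l` would print it."""
    key_type, b64 = pubkey_line.split()[:2]
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    # OpenSSH prints the digest as base64 with the '=' padding removed.
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def snapshot(pubkey_lines):
    """Map key type -> fingerprint for one host's public host keys."""
    return dict(fingerprint(line) for line in pubkey_lines if line.strip())

def read_host_keys(directory="/etc/ssh"):
    """Read the public halves of the host keys (assumed default file names)."""
    lines = []
    for path in sorted(glob.glob(directory + "/ssh_host_*_key.pub")):
        with open(path) as fh:
            lines.append(fh.read())
    return lines

def compare(baseline, current):
    """List (key_type, status) for every difference from the baseline."""
    findings = []
    for key_type in sorted(set(baseline) | set(current)):
        if key_type not in current:
            findings.append((key_type, "missing"))
        elif key_type not in baseline:
            findings.append((key_type, "new"))
        elif baseline[key_type] != current[key_type]:
            findings.append((key_type, "changed"))
    return findings

def constructed_key(seed):
    """Constructed sample line (not a real host key) in ed25519 wire format."""
    parts = (b"ssh-ed25519", hashlib.sha256(seed).digest())
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@example"

if __name__ == "__main__":
    baseline = snapshot([constructed_key(b"original install")])
    after = snapshot([constructed_key(b"after reinstall")])
    for key_type, status in compare(baseline, after):
        print(key_type, status, baseline.get(key_type), "->", after.get(key_type))
```

On a real host, `snapshot(read_host_keys())` gives the current state; keep the baseline somewhere the host itself cannot modify.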