[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] ssh 3.1
- Subject: [cobalt-security] ssh 3.1
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Mar 2002 20:32:39 -0500
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Since upgrading my servers with OpenSSH 3.1, this is the response I receive
when I try to log into my servers from my Mandrake Linux machine with an
OpenSSH 3.1 client.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
24:20:18:fd:7b:d3:c3:09:91:9c:ba:df:58:12:52:ea.
Please contact your system administrator.
Add correct host key in /home/gerald/.ssh/known_hosts to get rid of this
message.
Offending key in /home/gerald/.ssh/known_hosts:6
RSA host key for fsn2 has changed and you have requested strict checking.
Host key verification failed.
;=====================end response =======================
I can do a normal login from a Red Hat Linux machine using OpenSSH 3.02
client.
So it must be something to do with the client, but WHAT.
I have commented out almost everything in sshd_config
TIA for any ideas.
--
Gerald Waugh