[K12OSN] should I be worried about this?
"Terrell Prudé, Jr."
microman at cmosnetworks.com
Fri Nov 19 17:32:11 UTC 2004
Yup, definitely worth investigation. I suspect one of the following things:
1.) The SSH key on that server got changed by some sysadmin.
2.) You got "0wned". Check your logs to see if someone did indeed
crack your system.
3.) The key for that server in your local .ssh/known_hosts got changed.
4.) Someone stole your server's IP address and is running a sniffer on it.
I hope it's innocent. But you'd best act as if it isn't until proven
(not merely suspected, I mean proven) otherwise.
--TP
Carl Keil wrote:
>I get this when I try to ssh into my k12ltsp server.
>It just started happening after I rebooted last night.
>
>[root at girlwhocouldfly root]# ssh 69.30.69.155
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>Someone could be eavesdropping on you right now (man-in-the-middle attack)!
>It is also possible that the RSA host key has just been changed.
>The fingerprint for the RSA key sent by the remote host is
>77:09:0d:18:02:84:dd:ed:53:c6:93:df:5a:c9:0c:ca.
>Please contact your system administrator.
>Add correct host key in /root/.ssh/known_hosts to get rid of this message.
>Offending key in /root/.ssh/known_hosts:2
>RSA host key for 69.30.69.155 has changed and you have requested strict
>checking.
>Host key verification failed.
>
>
>_______________________________________________
>K12OSN mailing list
>K12OSN at redhat.com
>https://www.redhat.com/mailman/listinfo/k12osn
>For more info see <http://www.k12os.org>
>
>
>
--
_____________________
Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it
out! <http://www.mozilla.org/thunderbird>
More information about the K12OSN
mailing list