help, i've been spoofed


farley99

MIS
Feb 12, 2003
413
US
How did this happen?
# lds102
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for lds102 has changed,
and the key for the according IP address 12.52.58.55
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /root/.ssh/known_hosts:65
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
61:4c:a9:aa:a4:e4:da:8a:f8:f2:0d:bd:9f:ca.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:31
RSA host key for lds102 has changed and you have requested strict checking.
Host key verification failed.
 
"Read it carefully. It explains very well what is going on. Most likely the server was upgraded and its host key has changed. Make sure that it is the case and then remove all lines mentioning this server from your .ssh/known_hosts. The new server key will be recorded upon the next login. If you don't verify the reason why the server has a different host key you are in danger of leaking sensitive information to a different host impersonating your server.

An additional problem you may have when you get this message is that you are unable to launch X applications from this ssh session. Fix the host key - it will work then."
/Lupidus
 
hi

Yes, it is correct. To find out who or which IP is doing something nasty to your server, just check your packets going outwards and inwards by using the following command
# tcpdump -i eth0
It will show all IPs along with the domain names from which they are trying to access your server.

santosh
 
If you have a different host key, then edit your user's .ssh/known_hosts and remove the key for the server you are trying to access.
This happens to me a lot, but I am testing ssh to a server that gets reinstalled over and over. So I have a sed command to remove the entry.


Lawrence Feldman
SR. QA. Engineer SNAP Appliance
lfeldman@snapappliance.com
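
Added example, not part of any post in this thread: a Python sketch of the "verify the new key, then remove the old lines" procedure the replies describe, which refuses to touch known_hosts unless the new key's fingerprint matches one obtained out of band. The function names and key blobs are constructed for illustration; plain and hashed host fields are handled, wildcard patterns are not.

```python
import base64, hashlib, hmac

def md5_fp(b64_key):
    """Colon-separated MD5 fingerprint, the style shown in the warning."""
    d = hashlib.md5(base64.b64decode(b64_key)).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, len(d), 2))

def sha256_fp(b64_key):
    """SHA256 fingerprint in the style newer OpenSSH clients print."""
    d = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(d).decode().rstrip("=")

def names_host(field, name):
    """True if a known_hosts host field names `name` (plain or |1| hashed)."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return name in field.split(",")

def stale_lines(text, names):
    """1-based numbers of key lines that mention any of `names`."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 3 and not line.startswith(("#", "@")):
            if any(names_host(parts[0], x) for x in names):
                hits.append(n)
    return hits

def replace_if_verified(text, names, key_type, new_b64, trusted_fp):
    """Remove old entries and pin the new key, but only when its fingerprint
    equals one obtained out of band (console, admin, config management)."""
    if trusted_fp not in (md5_fp(new_b64), sha256_fp(new_b64)):
        raise ValueError("fingerprint not verified; known_hosts left unchanged")
    drop = set(stale_lines(text, names))
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in drop]
    kept.append(f"{','.join(names)} {key_type} {new_b64}")
    return "\n".join(kept) + "\n"

# Constructed sample data: placeholder blobs, not real host keys.
OLD = base64.b64encode(b"constructed-old-host-key").decode()
NEW = base64.b64encode(b"constructed-new-host-key").decode()
SAMPLE = (f"lds102 ssh-rsa {OLD}\n"
          f"otherhost ssh-rsa {OLD}\n"
          f"12.52.58.55 ssh-rsa {OLD}\n")

if __name__ == "__main__":
    print(stale_lines(SAMPLE, ["lds102", "12.52.58.55"]))
    print(replace_if_verified(SAMPLE, ["lds102", "12.52.58.55"],
                              "ssh-rsa", NEW, md5_fp(NEW)), end="")
```

On a real system, `ssh-keygen -R hostname` removes the entries for a host and `ssh-keygen -lf keyfile` prints a key's fingerprint.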

 