Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Mar 2001 10:29:57 +0200
From:      Peter Pentchev <roam@orbitel.bg>
To:        Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
Cc:        freebsd-security@freebsd.org
Subject:   Re: sshd - @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
Message-ID:  <20010301102957.B55211@ringworld.oblivion.bg>
In-Reply-To: <200103010819.JAA82842@gilberto.physik.rwth-aachen.de>; from kuku@gilberto.physik.rwth-aachen.de on Thu, Mar 01, 2001 at 09:19:00AM %2B0100
References:  <200103010819.JAA82842@gilberto.physik.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Mar 01, 2001 at 09:19:00AM +0100, Christoph Kukulies wrote:
> 
> I installed a newer sshd recently on one machine in the network
> which I used to login before already via ssh.
> 
> Now I'm getting this infamous 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the host key has just been changed.
> Please contact your system administrator.
> Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
> Host key for host.domain has changed and you have requested strict checking.
> 
> Do I have to worry about being compromised or is it 'normal' behaviour?

If you did not keep your /etc/ssh/ subdirectory, particularly the host
key files in there, then yes, it's normal.  In future upgrades, try to
keep as many of the config files in /etc/ssh/ as possible.

Okay, so /etc/ssh/ is OpenSSH-specific; the ssh.com SSH likes to keep
those files in /etc, IIRC.

G'luck,
Peter

-- 
If there were no counterfactuals, this sentence would not have been paradoxical.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010301102957.B55211>