warning: remote host identification has changed!

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am getting this message occasionally. How big is the chance that it is
really a man-in-the-middle attack?

The first time I got this error, I have deleted the offending line in
the $HOME/.ssh/known_hosts file, and just retried. The authentication
using the authorized_keys file was also not working, so I entered the
root password.

After the same happened again a few minutes later, I became suspicious
and created a new ssh key and root password.

But now the same happens again: I get the following message, but not
always. It happens to work ~10 times or minutes in a row, and then I get
the error message a few times, without any recognizable pattern, and
from the same shell.

It seems to start working again after I try the same from a different
user on my local machine.

rup@sempron:~/cvs/homepages/schachtner> ssh root@www
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /localhome/rup/.ssh/known_hosts to get rid of
this message.
Offending key in /localhome/rup/.ssh/known_hosts:4
RSA host key for www has changed and you have requested strict checking.
Host key verification failed.
rup@sempron:~/cvs/homepages/schachtner> ssh root@www
Last login: Wed Mar 19 09:48:45 2008 from wdsl-80-73-127-53.wcli.deg.net
Have a lot of fun...
h68390:~ # exit
Connection to www closed.

What is really surprising is that the key fingerprint displayed in the
message is identical with the one I got when creating the key.

Re: warning: remote host identification has changed!

Quoted text here. Click to load it

If you're that unlucky, or they're that good, you've got bigger
problems.  :-)  The likelihood of that is very very very small.

Quoted text here. Click to load it

That's VERY weird then.

Todd H.
http://www.toddh.net /

Site Timeline