Fedora Linux Support Community & Resources Center

  #1  
Old 8th April 2004, 04:00 AM
reddwarf2956 Offline
Registered User
 
Join Date: Mar 2004
Location: Arlington, TX
Age: 47
Posts: 64
Nasty gram and errman

I get the following message on one of my LAN computers when I enter:

# scp -p -r IPADDRESS OF comp1:/hold/comp1 IPADDRESS OF BACKUP:/hold

and password:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
HEX NUMBERS SEPARATED BY ':'
Please contact your system administrator.
Add correct host key in /USERNAME/.ssh/known_hosts to get rid of this message.
Offending key in /USERNAME/.ssh/known_hosts:2
RSA host key for IP ADDRESS OF comp1 has changed and you have requested strict checking.
Host key verification failed.
lost connection

Now I don't think I have an eavesdropper as of now (if there is one there, I would like to know how?). What I do believe is that it is me with some incorrect setting. How do I find the correct host key to add to the /USERNAME/.ssh/known_hosts file?

John

PS

Is there a way to figure out things like this without asking others? Hell, I am the "system administrator." I guess what I am asking is: is there an errman, like there is a man, with examples of solutions? I know this is a problem that has at least two outcomes which are predictable. So there should be some kind of documentation on it and what actions to take.
  #2  
Old 8th April 2004, 04:16 AM
mars_hall Offline
Registered User
 
Join Date: Feb 2004
Location: S.E. USA
Age: 52
Posts: 135
If I was seeing something like that, I would be going to sleep reading log files. I've been a System Admin for the past 5 years, and I have been known to go into the office at 4 a.m. just to be able to catch them in the act. Just to find out that the virus writers are very clever people sometimes.
Check your log files to see if you have any external people connecting. You should be able to at least get some IP addresses; with that you might be able to deny access from those IPs.
  #3  
Old 8th April 2004, 04:20 AM
mhelios Offline
Retired Community Manager
 
Join Date: Feb 2004
Location: Queensland, AU
Posts: 738
Edit the .ssh/known_hosts file (on your host), remove the entry for that host's key, and reconnect to that host. It will detect that this host is not in the list of known hosts (as it does when you first connect to a host) and ask you if it is trusted to add to the list.

This is highly more likely than it being a compromised host. But, do have a look around the system just to keep your paranoia levels healthy.
__________________
mhelios@fedoraforum.org
Registered Linux User # 348963
GnuPG KeyID: 0xCE9F8922
  #4  
Old 8th April 2004, 04:22 AM
mhelios Offline
Retired Community Manager
 
Join Date: Feb 2004
Location: Queensland, AU
Posts: 738
BTW, moving to Security forum.
__________________
mhelios@fedoraforum.org
Registered Linux User # 348963
GnuPG KeyID: 0xCE9F8922
  #5  
Old 8th April 2004, 04:40 AM
reddwarf2956 Offline
Registered User
 
Join Date: Mar 2004
Location: Arlington, TX
Age: 47
Posts: 64
Thanks for the quick answers. I for one am quick to ask for help, so that allows for more sleep. I do like the warning however. It is not lame like a Windows or DOS warning!

I agree I don't think I will find anything, but where to look for this anything?

I still wish there was an error manual to go along with the man manual. Maybe an Rx manual too for common symptoms. These are different from FAQs and HowTos, how I see it, but they lead to FAQs if there is no solution around.

I guess I am thinking too much about the garbage in, garbage out bit.

John
  #6  
Old 8th April 2004, 10:49 PM
PorkChop Offline
Registered User
 
Join Date: Mar 2004
Location: San Marcos TEXAS
Posts: 39
I saw the same message when SSH'ing from work to home, on several of my systems. Like mhelios said, add the key to .ssh/known_hosts (I think that's right)..

I know *all* the IPs I connect from remotely, so after continued log checking, I feel fairly confident..

If you know the IPs you are connecting from, it's easier to filter that stuff out..

Good luck..

PorkChop
  #7  
Old 9th April 2004, 12:51 AM
Jman Offline
Registered User
 
Join Date: Mar 2004
Location: Minnesota, USA
Age: 28
Posts: 7,909
Maybe after you get the good key into known_hosts you could print it off or something so you can be sure it doesn't change again. I know it's difficult to whip out the key whenever you connect, but in the future if you get this message you could be sure it didn't change.

The place to start for logs is the Red Hat graphical log viewer. Main Menu > System Tools > System Logs. The security log should be relevant. Also there is an entire directory of logs in /var/log.
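An added example, not part of the original thread: one way to apply the advice above (drop the stale known_hosts entry, but only after comparing against a fingerprint recorded out of band, for instance the one `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` prints on the server's own console). The function names, the 192.0.2.x addresses and the key blobs are constructed for illustration; hashed known_hosts entries are skipped.

```python
import base64
import hashlib

def fingerprints(key_b64):
    """Return (md5_colon_hex, sha256_b64) for a base64 public-key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha

def stored_keys(known_hosts_text, host, key_type="ssh-rsa"):
    """Yield (line_number, key_b64) for plain (unhashed) entries naming host."""
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host fields.
        if len(parts) < 3 or parts[0][0] in "#@|":
            continue
        if host in parts[0].split(",") and parts[1] == key_type:
            yield n, parts[2]

def review(known_hosts_text, host, offered_b64, trusted_fp):
    """Decide what to do about a changed-host-key warning.

    trusted_fp is the fingerprint read on the server's own console
    (out of band), in either MD5 colon-hex or SHA256 form.
    """
    if trusted_fp not in fingerprints(offered_b64):
        return "reject: offered key does not match the console fingerprint"
    stale = [n for n, k in stored_keys(known_hosts_text, host)
             if k != offered_b64]
    if stale:
        return "replace line(s) %s: offered key is verified" % ",".join(
            map(str, stale))
    return "ok: stored key already matches"

# Constructed sample data: placeholder blobs, not real RSA keys.
OLD_KEY = base64.b64encode(b"constructed old comp1 key").decode()
NEW_KEY = base64.b64encode(b"constructed new comp1 key").decode()
KNOWN_HOSTS = "192.0.2.20 ssh-rsa %s\n192.0.2.10 ssh-rsa %s\n" % (
    base64.b64encode(b"constructed backup key").decode(), OLD_KEY)
# Stands in for the fingerprint read on comp1's console.
CONSOLE_FP = fingerprints(NEW_KEY)[0]

if __name__ == "__main__":
    print(review(KNOWN_HOSTS, "192.0.2.10", NEW_KEY, CONSOLE_FP))
```

The stale line it reports corresponds to the "Offending key in ... known_hosts:2" line of the warning; `ssh-keygen -R HOST` removes that entry without hand-editing the file.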
  #8  
Old 9th April 2004, 01:40 AM
reddwarf2956 Offline
Registered User
 
Join Date: Mar 2004
Location: Arlington, TX
Age: 47
Posts: 64
OK, I have figured out the why to this problem and fixed it. Having a computer with eth cards on one network does not work.

With that fix, another problem, this time with a lame error.

# scp computer.x.com:/dir computer2 IP:/hold
username@computer.x.com's password:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).
lost connection

Now what is wrong?
If I do it from the other computer I get just:

lost connection

PS I might want to state what I got.

I have a laptop as computer which is battery only (No AC power.) I am writing and browsing here from it. It is using DHCP.

Computer2 is a desktop with a static IP address, but I think if computer3 handles DNS it can use DHCP.

Computer3 is also a desktop and will have a static IP unless there is a better way. And they are connected using a router.

Computer2 can ping its IP address and the router but no other machines. Comp3 can't ping a thing and has only command line function. (the fun one)

As for firewalls, the laptop has only ssh as trusted using the GUI @ System Settings -> Security Level. And currently allows NTP to an IP addy through its firewall.

Comp2 has ssh and eth0 trusted.

I plan on computer3 to be the mail, DNS, http, and NTP server for the three. Is this good?

Help?

John

Last edited by reddwarf2956; 9th April 2004 at 03:23 AM.