Results 1 to 7 of 7
  1. #1
    Join Date
    Apr 2004
    Location
    India
    Posts
    292

    Security warning!!!

    Hello Friends,
    When I tried to scp from one server to another or even I tried to ssh to another server I got following message as error:

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    ea:29:39:4e:b7:03:af:64:67:18:1f:77:da:dc:75:18.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending key in /root/.ssh/known_hosts:1
    Password authentication is disabled to avoid man-in-the-middle attacks.
    X11 forwarding is disabled to avoid man-in-the-middle attacks.
    Permission denied (publickey,password,keyboard-interactive).

    Dose anybody know what is the problem.
    It's urgent ,I want to tranfer mutiple domains via this.
    Thank you.

  2. #2
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Simply remove the first line in /root/.ssh/known_hosts file then retry if you have the ability to gain root SSH access
    Then when come to using scp... NEVER use domain name... I mean use:
    Code:
    scp whatever [email protected]_IP_not_domain_or_hostname:
    Hope this helps if I understand your problem

  3. #3
    Join Date
    Apr 2004
    Location
    India
    Posts
    292
    HEllo,
    yes I did that and no error now...
    But now my problem is that I want to transfer multiple accounts from one server to other.
    When this error was solved ,I tired it through WHM 9.1 ,but I got failure messages..
    What could be the problem?

  4. #4
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,560
    Originally posted by choon
    [B]Simply remove the first line in /root/.ssh/known_hosts file then retry if you have the ability to gain root SSH access
    so the error about the server key having changed is of no interest to you?

    can anyone say 'man in the middle' or 'trojan' ?

    cmon, repeat after me..

    what you should really be doing is investigating why the key has changed...

  5. #5
    Join Date
    Feb 2004
    Posts
    772
    Hi,

    It is actuallly the problem occured with the changed host key in the remote host that could have been caused when a new version of ssh is installed.

    Use your text editor (vi, emacs to open your file ~/.ssh/known_hosts, and edit it by removing each line containing the host's name. (The WARNING message may actually tell you the line of the file, e.g.,
    Offending key in /home/student/smithj/.ssh/known_hosts:6
    indicates that line #6 is the line to delete.)

    Hope this may resolve your problem.

    Regards,

    Bright
    24 / 7 Technical Support
    Bright Info Solutions

  6. #6
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,560
    hi again, same question to contestant #2

    do you just a) delete the offending key and get rid of the warning message, its not really an issue anyway or b) investigate?

    last i checked openssh didnt replace the host key on upgrade

  7. #7
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Originally posted by atul
    HEllo,
    yes I did that and no error now...
    But now my problem is that I want to transfer multiple accounts from one server to other.
    When this error was solved ,I tired it through WHM 9.1 ,but I got failure messages..
    What could be the problem?
    If you are using domain/hostname/subdomain names while logging in your server via SSH instead of IP, then if you change your either one of their IP for your hostname/subdomain/domain... most likely you will get that error message or your targetted machine is having similiar/same domain/hostname/subdomain. This is why for gaining SSH access on any servers... use IP address instead of hostname/domain/subdomain... ... I might be wrong but this is what had happened to me a year back or so and from there onwards I always use IP address instead of hostname/domain/subdomain...
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •