{"id":259,"date":"2011-06-08T08:30:38","date_gmt":"2011-06-08T06:30:38","guid":{"rendered":"\/\/www.mcgill.org.za\/stuff\/?p=259"},"modified":"2011-06-13T10:14:11","modified_gmt":"2011-06-13T08:14:11","slug":"warning-remote-host-identification-has-changed","status":"publish","type":"post","link":"https:\/\/www.mcgill.org.za\/stuff\/archives\/259","title":{"rendered":"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"},"content":{"rendered":"<p>If you use <code>ssh<\/code> for a while, you are sure to get this message sooner or later: <b>WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!<\/b>.  This means more or less what it says &#8211; the machine formerly known as <em>somemachine<\/em> suddenly smells different.  The possible reasons are:<\/p>\n<ul>\n<li>It&#8217;s a new machine using the name or the IP address (you would know).<\/li>\n<li>You regenerated the ssh keys (you would know).<\/li>\n<li>You are not talking to the machine you think you are (e.g. a dynamic IP address that points somewhere else).<\/li>\n<li><b>There&#8217;s a man in the middle.  This is bad (very bad, in fact).<\/b><\/li>\n<\/ul>\n<p>If you are using key-based authentication, you&#8217;ll still get in if it is your machine.  The hypothetical or real man in the middle gets to pass your traffic or block it, but cannot read the text.  To check that there is no man in the middle, you should examine the host key on the server with:<\/p>\n<pre><code>ssh-keygen -l -f \/etc\/ssh\/ssh_host_rsa_key<\/code><\/pre>\n<p>That key should match what your ssh client reported as the server identity:<\/p>\n<pre><code>$<strong> ssh -p24 root@somemachine<\/strong>\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     
@\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that the RSA host key has just been changed.\r\nThe fingerprint for the RSA key sent by the remote host is\r\n<em>4d:16:9d:69:a0:f5:a9:ae:bc:96:f5:0b:ba:e0:ae:94<\/em>.\r\nPlease contact your system administrator.\r\nAdd correct host key in \/home\/stuff\/.ssh\/known_hosts to get rid of this message.\r\nOffending key in \/home\/stuff\/.ssh\/known_hosts:38\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nPort forwarding is disabled to avoid man-in-the-middle attacks.\r\nLast login: Wed Jun  7 08:01:30 2011 from 192.168.0.55\r\n[root@localhost ~]# <strong>ssh-keygen -l -f \/etc\/ssh\/ssh_host_rsa_key<\/strong>\r\n<em>2048 4d:16:9d:69:a0:f5:a9:ae:bc:96:f5:0b:ba:e0:ae:94<\/em> \/etc\/ssh\/ssh_host_rsa_key.pub\r\n<\/code><\/pre>\n<p>They match.  That machine was reinstalled, so it&#8217;s a new operating system and a new identity.  It was fine.  Finding out how to make the warning\/error go away is left as an exercise to the reader.<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[16,28,190],"class_list":["post-259","post","type-post","status-publish","format-standard","hentry","category-stuff","tag-security","tag-ssh","tag-stuff"],"_links":{"self":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts\/259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/comments?post=259"}],"version-history":[{"count":7,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts\/259\/revisions"}],"predecessor-version":[{"id":290,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/posts\/259\/revisions\/290"}],"wp:attachment":[{"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/media?parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/categories?post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcgill.org.za\/stuff\/wp-json\/wp\/v2\/tags?post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}