Thursday, May 7, 2009

Possible DNS spoofing detected

This is a typical warning thrown in an ssh session that
occurs when the public key for the remote machine that
you are either trying to log onto or scp onto has been
changed. Typical error seen is on this lines -
misfit@mufasa:~/ ssh misfit@10.12.12.22
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

The RSA host key for node1-1 has changed,
and the key for the corresponding IP address 10.12.12.22
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
2d:47:fd:c3:1a:19:69:f7:ca:35:
2b:cc:b5:69:07:db.
Please contact your system administrator.
Add correct host key in /home/misfit/.ssh/known_hosts to get rid of this message.
Offending key in /home/misfit/.ssh/known_hosts:
1
RSA host key for node1-1 has changed and you have requested strict checking.
Host key verification failed.

The solution to this is as posted in the message, either
the user can clean the known_hosts file and try to login
again. The known_hosts file is located in the .ssh folder
in the home directory or alternately just changing the
entry corresponding to the remote machine in the known
_hosts file.

0 comments:

Post a Comment