Anyone ever come across a linux server host key changing with out a reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and different DNS name or IP address? I have a server on RHEL4.4 that changed its host key. Red Hat Enterprise Linux ES release 4 (Nahant Update 4) openssh-server-3.9p1-8.RHEL4.15 2.6.9-42.ELsmp uptime 944 days Started getting the eavesdropping message from a login that is supposed to login w/o a password. And always did before today.
On Thu, Apr 16, 2009, Ed Donahue wrote:>Anyone ever come across a linux server host key changing with out a >reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and >different DNS name or IP address?That would make me very suspicious that the box had been cracked, and that a foreign sshd had been substituted for the real one. rpm -V is your friend. Bill -- INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792 DOS: n., A small annoying boot virus that causes random spontaneous system crashes, usually just before saving a massive project. Easily cured by UNIX. See also MS-DOS, IBM-DOS, DR-DOS.
Maybe Matching Threads
- FYI: SSH1 now disabled at compile-time by default
- Announce: timeline to remove DSA support in OpenSSH
- Announce: timeline to remove DSA support in OpenSSH
- [Bug 1835] New: sftp should fallback to sshv1 if server doesn't support sshv2
- [Bug 2044] New: error message is printed for SSHv1 when ssh is forced to allocate a pseudo-tty even when it does not have a one