man in the middle attack ?
Dear linuxers,
Today I registered a lot of students in the class, and 4 hours later I was in home and got a message one of them could not log in. So I tried and got this message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 66:09:66:e3:e1:54:dc:65:e4:a4:74:99:c4:df:3e:ff. Please contact your system administrator. Add correct host key in /home/beco/.ssh/known_hosts to get rid of this message. Offending key in /home/beco/.ssh/known_hosts:1 RSA host key for beco.poli.br has changed and you have requested strict checking. Host key verification failed. What should I do, or where should I look, to understand this problem? Can I log in with my account remotely to see the problem, or should I better log in locally? Thanks, Beco. -- Dr. Beco A.I. research, Cognitive Scientist and Philosopher Linux Counter #201942 -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: CALuYw2zMFMh1+0cnZsKv+_qducRCGPhmfCQZRWm2Q8zVgnr+z Q@mail.gmail.com">http://lists.debian.org/CALuYw2zMFMh1+0cnZsKv+_qducRCGPhmfCQZRWm2Q8zVgnr+z Q@mail.gmail.com |
man in the middle attack ?
Hi Dr. Beco A.I. research, Cognitive Scientist and Philosopher Linux
Counter #201942, take an educated guess or ask one of your A.I. thingy to take an educated guess. Regards, Ralf PS: When I was a child one of my heroes was http://de.wikipedia.org/wiki/Joseph_Weizenbaum , he still is. Most teachers are a PITA. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/1345495397.1285.103.camel@localhost.localdomain |
man in the middle attack ?
Dr Beco:
> > Today I registered a lot of students in the class, and 4 hours later I > was in home and got a message one of them could not log in. Log in where? Is this system administered by you? > So I tried and got this message: > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA host key has just been changed. Read this message, it explains exactly what might have happened. Did you change the host key? Does the DNS name (on the connecting client!) still point to the correct system? Which host key do you get when you connect? > Can I log in with my account remotely to see the problem, or should I > better log in locally? If you suspect that the system has been tampered with, do not enter any passwords on this system before taking it offline. If you can log in using a public key, you can use that safely. If you do not know why the host key changed, reinstall the system from scratch or restore from a "good" backup. If you want to try forensics, keep the old disk and install on a new one. J. -- Whenever I hear the word 'art' I reach for my visa card. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html> |
man in the middle attack ?
To me, If ou are teaching a linux class (assumed since you are self proclaiming to be a doctor) the I question why you, as a teacher, are not capable of knowing this or how to troubleshoot.
If on the otherhand you are just teaching something on a linux box, then perhaps calling the IT team at the school should be in order. Again, just asking what seems to be the obvious first. Sent from my HTC. ----- Reply message ----- From: "Dr Beco" <rcb@beco.cc> Date: Mon, Aug 20, 2012 3:29 pm Subject: man in the middle attack ? To: "Lista Debian User" <debian-user@lists.debian.org> Dear linuxers, Today I registered a lot of students in the class, and 4 hours later I was in home and got a message one of them could not log in. So I tried and got this message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ @ * *WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! * * @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 66:09:66:e3:e1:54:dc:65:e4:a4:74:99:c4:df:3e:ff. Please contact your system administrator. Add correct host key in /home/beco/.ssh/known_hosts to get rid of this message. Offending key in /home/beco/.ssh/known_hosts:1 RSA host key for beco.poli.br has changed and you have requested strict checking. Host key verification failed. What should I do, or where should I look, to understand this problem? Can I log in with my account remotely to see the problem, or should I better log in locally? Thanks, Beco. -- Dr. Beco A.I. research, Cognitive Scientist and Philosopher Linux Counter #201942 -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/CALuYw2zMFMh1+0cnZsKv+_qducRCGPhmfCQZRWm2Q8zVgnr+z Q@mail.gmail.com |
man in the middle attack ?
On Mon, 2012-08-20 at 22:43 +0200, Ralf Mardorf wrote:
> Hi Dr. Beco A.I. research, Cognitive Scientist and Philosopher Linux > Counter #201942, > > take an educated guess or ask one of your A.I. thingy to take an > educated guess. > > Regards, > Ralf > > PS: When I was a child one of my heroes was > http://de.wikipedia.org/wiki/Joseph_Weizenbaum , he still is. Most > teachers are a PITA. PS: "Weizenbaum bezeichnete sich selbst als Dissidenten und Ketzer der Informatik." I'm, unable to translate this 100% correct. But he was and for me he still is that way, especially regarding to guys with signatures similar to "A.I. research, Cognitive Scientist and Philosopher Linux Counter #201942" Barf! -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/1345495737.1285.106.camel@localhost.localdomain |
man in the middle attack ?
Dr Beco wrote:
> Today I registered a lot of students in the class, and 4 hours later I > was in home and got a message one of them could not log in. > > So I tried and got this message: > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > 66:09:66:e3:e1:54:dc:65:e4:a4:74:99:c4:df:3e:ff. > Please contact your system administrator. > Add correct host key in /home/beco/.ssh/known_hosts to get rid of this message. > Offending key in /home/beco/.ssh/known_hosts:1 > RSA host key for beco.poli.br has changed and you have requested > strict checking. > Host key verification failed. > > > What should I do, or where should I look, to understand this problem? > > Can I log in with my account remotely to see the problem, or should I > better log in locally? As has been suggested, if you are not the system administrator of the system, contact whoever is (it seems to that you are not). It's usually that just that particular IP address for that machine on the LAN has been used with a different key before but it could be something malicious. Best to get hold of your admin ASAP. I'd like to apologise for the abuse you have suffered at the hands of certain members of this list. Uncalled for, rude & unhelpful. Ubuntu is a very similar distro to Debian & you may find it worth your while to unsubscribe here & subscribe to Ubuntu's list. They are much more friendly, courteous & helpful. Cheers, Phil... -- currently (ab)using CentOS 6.3, Debian Squeeze, Fedora Beefy, OS X Snow Leopard, Ubuntu Precise -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 5032BF08.7060205@gmail.com">http://lists.debian.org/5032BF08.7060205@gmail.com |
man in the middle attack ?
On Tuesday 21,August,2012 04:29 AM, Dr Beco wrote:
> Dear linuxers, > > > Today I registered a lot of students in the class, and 4 hours later I > was in home and got a message one of them could not log in. > > So I tried and got this message: > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > 66:09:66:e3:e1:54:dc:65:e4:a4:74:99:c4:df:3e:ff. > Please contact your system administrator. > Add correct host key in /home/beco/.ssh/known_hosts to get rid of this message. > Offending key in /home/beco/.ssh/known_hosts:1 I met similar things many times, you may just simply vim /home/beco/.ssh/known_hosts delete the line 1 key there, or you may delete all. and ssh again, Thanks, Best regards, > RSA host key for beco.poli.br has changed and you have requested > strict checking. > Host key verification failed. > > > What should I do, or where should I look, to understand this problem? > > Can I log in with my account remotely to see the problem, or should I > better log in locally? > > > Thanks, > Beco. > > -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 503303DD.6050406@gmail.com">http://lists.debian.org/503303DD.6050406@gmail.com |
man in the middle attack ?
http://lackof.org/taggart/hacking/ssh/ -> Don't ignore ssh host key warnings (at the end)
On 21/08/12 05:43, lina wrote: On Tuesday 21,August,2012 04:29 AM, Dr Beco wrote: Dear linuxers, Today I registered a lot of students in the class, and 4 hours later I was in home and got a message one of them could not log in. So I tried and got this message: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 66:09:66:e3:e1:54:dc:65:e4:a4:74:99:c4:df:3e:ff. Please contact your system administrator. Add correct host key in /home/beco/.ssh/known_hosts to get rid of this message. Offending key in /home/beco/.ssh/known_hosts:1 I met similar things many times, you may just simply vim /home/beco/.ssh/known_hosts delete the line 1 key there, or you may delete all. and ssh again, Thanks, Best regards, RSA host key for beco.poli.br has changed and you have requested strict checking. Host key verification failed. What should I do, or where should I look, to understand this problem? Can I log in with my account remotely to see the problem, or should I better log in locally? Thanks, Beco. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 50330753.6090306@rezozer.net">http://lists.debian.org/50330753.6090306@rezozer.net |
man in the middle attack ?
On 21/08/2012, Phil Dobbin <bukowskiscat@gmail.com> wrote:
> > I'd like to apologise for the abuse you have suffered at the hands of > certain members of this list. Uncalled for, rude & unhelpful. I agree. Attacking strangers might be a brief distraction from a bad day, or a sad life, but it is not the majority spirit here. Please ignore. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/CAMPXz=pK3ePxyUiWidW1uqfr1StxVp_F7+i2fKAPNsUKrRPEZ g@mail.gmail.com |
man in the middle attack ?
On 21/08/2012, lina <lina.lastname@gmail.com> wrote:
> On Tuesday 21,August,2012 04:29 AM, Dr Beco wrote: >> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ >> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! >> Someone could be eavesdropping on you right now (man-in-the-middle >> attack)! >> It is also possible that the RSA host key has just been changed. >> Please contact your system administrator. > > I met similar things many times, you may just simply > vim /home/beco/.ssh/known_hosts > delete the line 1 key there, or you may delete all > and ssh again, lina's instructions are correct, but they completely bypass the security of ssh. Follow them only if you do not care about the security of your client or the server, and if you do not care about the warnings above. Otherwise, investigate why the host now has a different security key since last time you accessed it. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/CAMPXz=oE7-VrzcRqgn1WaoFFRMygUVFz5H+xK9uoDWnsi03pAA@mail.gmai l.com |
| All times are GMT. The time now is 09:11 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.