Sunday, June 21, 2009

eavesdropping in ssh

This happens when we switch from an old server to a new one and the domain name is assigned a different IP address.

bash-3.1$ ssh myname@example.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for example.com has changed,
and the key for the according IP address 198.2.1.1
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/myname/.ssh/known_hosts:16
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
60:9a:52:78:03:1e:66:78:33:25:19:ae:44:08:01:89.
Please contact your system administrator.
Add correct host key in /home/myname/.ssh/known_hosts to get rid of this message.
Offending key in /home/myname/.ssh/known_hosts:13
RSA host key for example.com has changed and you have requested strict checking.
Host key verification failed.


This is how ssh works, so the warning is expected if you already know which server is which. Even so, looking the name up with dig can help.
For example, in your bash shell, type:

$> dig example.com
or
$> dig -x 198.2.1.1
Use -x for a reverse lookup, which maps an address to a name, so it takes the IP address rather than the domain name.
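
dig only confirms where the name points; it does not authenticate the key. The following is an added example, not part of the original post, of checking the offered key's fingerprint against one obtained out of band before replacing the stale known_hosts entries. The function names and the sample key line are made up for illustration, and the key line is assumed to be in ssh-keyscan format.

```shell
#!/bin/sh
# Added example: verify a changed SSH host key before trusting it.

# Constructed sample in "host keytype base64blob" format. The blob is a
# truncated placeholder, not a real host key.
SAMPLE_LINE='example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB'

# Print the colon-separated MD5 fingerprint (the format ssh prints in the
# warning above) of a key line. Fails if the line has no key blob.
md5_fp() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d | md5sum |
        awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# Succeed only if the offered key's fingerprint equals the fingerprint
# obtained out of band (for example, read on the new server's console).
# Hex case in the trusted value is ignored.
fp_matches() {
    offered=$(md5_fp "$1") || return 2
    trusted=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$offered" = "$trusted" ]
}

# Drop the stale entries for both the name and the IP, then store the new
# key, but only after the fingerprint has been verified.
# Arguments: key line, trusted fingerprint, hostname, IP, known_hosts path.
replace_hostkey() {
    if fp_matches "$1" "$2"; then
        ssh-keygen -R "$3" -f "$5"
        ssh-keygen -R "$4" -f "$5"
        printf '%s\n' "$1" >> "$5"
    else
        echo "fingerprint mismatch: keep the old entry and investigate" >&2
        return 1
    fi
}
```

A key line for the first argument can be captured with ssh-keyscan -t rsa example.com; that fetch is itself unauthenticated, which is why the trusted fingerprint must come from a separate channel.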