DaemonForums  

#1 daemonfowl, 26th July 2012
SSH failure when connecting to another machine via X

Thanks jggimi ! I still can't log in on to X .. I also tried sshing to Bondie Blue but :
Code:
$ ssh -l fenrir 192.168.1.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
dd:e1:66:35:41:4f:80:3c:d8:9b:4d:39:9b:46:77:55.
Please contact your system administrator.
Add correct host key in /home/nyx/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/nyx/.ssh/known_hosts:2
RSA host key for 192.168.1.2 has changed and you have requested strict checking.
Host key verification failed.

#2 jggimi, 26th July 2012

Quote:
Originally Posted by daemonfowl
Thanks jggimi ! I still can't log in on to X ..
You have not bothered to show this failed connection to 192.168.1.3, leaving me to wonder what you mean by "can't log in on to X".

Instead, you hijacked your own thread to discuss a new, unrelated problem connecting to your 192.168.1.2 machine. I'll ask an admin to split this thread for you again.

Let's read the error message you received, together. I'm going to break it up into separate lines, so that it is easier to read, and break it up into separate code boxes, for discussion.

Here's the first part of the message. Note the highlighted text:
Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 
Someone could be eavesdropping on you right now 
(man-in-the-middle attack)! It is also possible that a host 
key has just been changed.
Now, let's read this section of the ssh(1) man page, and the text I've highlighted:
Code:
     ssh automatically maintains and checks a database containing
     identification for all hosts it has ever been used with.  Host keys are
     stored in ~/.ssh/known_hosts in the user's home directory.  Additionally,
     the file /etc/ssh/ssh_known_hosts is automatically checked for known
     hosts.  Any new hosts are automatically added to the user's file.  If a
     host's identification ever changes, ssh warns about this and disables
     password authentication to prevent server spoofing or man-in-the-middle
     attacks, which could otherwise be used to circumvent the encryption.  The
     StrictHostKeyChecking option can be used to control logins to machines
     whose host key is not known or has changed.
The first time OpenBSD boots after install, it spends some time building host keys for all its standard network host services. If you re-install OpenBSD, new keys will be created.

The ssh(1) program has prevented connection, because you previously told it to store a different host key for the computer at 192.168.1.2.

Now let's read the rest of that message from ssh(1). Note my highlights:
Code:
The fingerprint for the RSA key sent by the remote host is 
dd:e1:66:35:41:4f:80:3c:d8:9b:4d:39:9b:46:77:55. Please 
contact your system administrator. Add correct host key in 
/home/nyx/.ssh/known_hosts to get rid of this message. 
Offending RSA key in /home/nyx/.ssh/known_hosts:2 RSA host 
key for 192.168.1.2 has changed and you have requested 
strict checking. Host key verification failed.

Last edited by jggimi; 26th July 2012 at 07:55 PM. Reason: clarity
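An added example, not part of the original thread: a small checker for the situation explained above, which finds the `known_hosts` lines stored for a host and compares their MD5 fingerprints with one read at the server's own console. It goes beyond the post by also matching hashed (`HashKnownHosts`) entries; the function names are hypothetical, and the key blobs and the trusted fingerprint are constructed placeholders.

```python
import base64
import hashlib
import hmac

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 of the decoded key blob (the format ssh printed above)."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def host_matches(field, host):
    """True if a known_hosts host field names `host`, in plain or hashed form."""
    if field.startswith("|1|"):  # HashKnownHosts: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def stored_keys(known_hosts_text, host):
    """Return (line_number, key_type, fingerprint) for each entry naming `host`."""
    found = []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank, comment, or @cert-authority/@revoked marker line
        if host_matches(parts[0], host):
            found.append((number, parts[1], md5_fingerprint(parts[2])))
    return found

def check_host(known_hosts_text, host, key_type, trusted_fp):
    """Compare stored entries with a fingerprint read at the server's console."""
    entries = [e for e in stored_keys(known_hosts_text, host) if e[1] == key_type]
    if not entries:
        return "unknown host", []
    stale = [n for n, _, fp in entries if fp != trusted_fp.lower()]
    return ("stale entry" if stale else "match"), stale

# Constructed sample data: placeholder blobs, not real host keys.
OLD_KEY = base64.b64encode(b"constructed key from before the reinstall").decode()
NEW_KEY = base64.b64encode(b"constructed key from after the reinstall").decode()
SAMPLE = f"192.168.1.3 ssh-rsa {OLD_KEY}\n192.168.1.2 ssh-rsa {OLD_KEY}\n"
TRUSTED = md5_fingerprint(NEW_KEY)  # stands in for the value read on the console

if __name__ == "__main__":
    print(check_host(SAMPLE, "192.168.1.2", "ssh-rsa", TRUSTED))
```

On the reinstalled machine the fingerprint to trust can be read locally with `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` (newer OpenSSH releases need `-E md5` to print this colon-separated form). Once it matches the one in the warning, `ssh-keygen -R 192.168.1.2` removes the stale entry.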
#3 ocicat (Administrator), 26th July 2012

Yet another instance of daemonfowl hijacking discussion. This discussion has been split from its parent thread.

#4 daemonfowl, 26th July 2012

I suspected the first machine so I tried iMac.. who's got an antidote for Df.THS .. I'm a nightmare .. million 'Sorries'

#5 daemonfowl, 27th July 2012

Thanks very much , jggimi ! well explained !