The error can also happen if there are a few boxes with ssh that have dynamic IPs..
On Wednesday 07 May 2003 10:36 am, Hobbs, Richard wrote: > Hello, > > The SSH error is usually caused by the SSH server (your machine) being > reformatted, or having SSH uninstalled and reinstalled, or have the > public/private keys regenerated for some reason. have you recently made any > changes to SSH, or reinstalled your system?? > > It could also happen if he has been making changes to his > "~/.ssh/known_hosts" file. > > HTH... > > Richard. > > Quoting Ian Goodall <[EMAIL PROTECTED]>: > > Thanks for your help Guys. > > > > It now says this: > > > wtmp begins Wed May 7 13:21:47 2003 > > > > I think that is what had happened. I am new to this and this just looked > > dodgy to me! > > > > A friend also has ssh shell access to the box and got the following error > > message when connecting to the same my box: > > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > > > > Someone could be eavesdropping on you right now (man-in-the-middle > > attack)! > > > > It is also possible that the RSA host key has just been changed. > > > > The fingerprint for the RSA key sent by the remote host is > > > > 51:bd:cd:2e:6a:b7:35:b9:54:33:a8:e2:9a:57:95:0d. > > > > Please contact your system administrator. > > > > I don't get this from any other computers so is this just his computer? > > > > Thanks > > > > ----- Original Message ----- > > From: "Eric LeBlanc" <[EMAIL PROTECTED]> > > To: "Ian Goodall" <[EMAIL PROTECTED]> > > Cc: <debian-security@lists.debian.org> > > Sent: Wednesday, May 07, 2003 3:23 PM > > Subject: Re: Have I been hacked? > > > > > Check if your program have rotated the logs... > > > > > > cd /var/log > > > > > > ls -l wtmp* > > > > > > and, check in /etc/cron* or do a crontab -l (in user root) > > > > > > > > > E. > > > -- > > > Eric LeBlanc > > > [EMAIL PROTECTED] > > > -------------------------------------------------- > > > UNIX is user friendly. > > > It's just selective about who its friends are. > > > ================================================== > > > > > > On Wed, 7 May 2003, Ian Goodall wrote: > > > > I am running a debian woody server and when I checked the last users > > > > yesterday I a large number of logins in the list. On running the > > > > command today I get the following: > > > > > > > > dev1:/home/ian# last > > > > ian pts/0 172.16.3.195 Wed May 7 14:49 still > > > > logged > > > > in > > > > > > team1 pts/0 blue99.ex.ac.uk Wed May 7 13:21 - 13:57 > > > > (00:35) > > > > > > > > I have run chkrootkit but nothing was found. > > > > > > > > I have never had this before. Am I being paranoid or is someone > > > > trying > > > > to > > > > > > cover up their tracks? > > > > > > > > Thanks > > > > > > > > ijg0 > > > > > > > > > > > > > > > > -- > > > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > > > with a subject of "unsubscribe". Trouble? Contact > > > > [EMAIL PROTECTED] > > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED]
