dudes, i received a message today from one of my users, who, logging in to one of our servers from a remote internet cafe (which she used for the first time) that:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the host key has just been changed. Please contact your system administrator. that's bad, but i couldn't reproduce it from five other remote systems. tripwire has not reported anything pertaining to a changed keyset in /etc/ssh, nor do i have a reboot registered or otherwise suspicious logins. is this possible? what's going on? does this really man that there was a man-in-the-middle attack? martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] -- "gilmour's guitar sounds good whether you've got a bottle of cider in your hand or a keyboard and a mouse." -- prof. bruce maxwell
