well. sounds like some automatic deploytment tool? error ip ip address or other configuration failure?
http://stackoverflow.com/questions/6356212/ant-scp-task-failure
-- Eero
2015-09-21 11:29 GMT+03:00 James B. Byrne byrnejb@harte-lyne.ca:
This morning's log review revealed this sshd log entry on one of our web services hosts:
Received disconnect: 11: disconnected by user : 2 Time(s) 3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170 : 1 Time(s)
The IP address used is that of a public facing database query page for our freight transit information. It is itself a virtual IP address hosted on the system reporting the error. In other words, if this were a legitimate connection then the situation would be that of an ssh client connecting to an sshd server running on the same host albeit each using a different IP address. In other words, the hostkeys would be identical.
It seems to me that someone attempted an ssh connection while spoofing our internal address. Is such a thing even possible? If so then how does it work?
What is com.jcraft.jsch?
-- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos