Anyone ever come across a Linux server host key changing without a reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and different DNS name or IP address?
I have a server on RHEL4.4 that changed its host key. Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
openssh-server-3.9p1-8.RHEL4.15 2.6.9-42.ELsmp
uptime 944 days
Started getting the eavesdropping message from a login that is supposed to log in w/o a password. And always did before today.
On Thu, Apr 16, 2009, Ed Donahue wrote:
> Anyone ever come across a Linux server host key changing without a reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and different DNS name or IP address?
That would make me very suspicious that the box had been cracked, and that a foreign sshd had been substituted for the real one.
rpm -V is your friend.
Bill
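
The `rpm -V` check suggested in the reply, as an added example that is not part of either post: a shell filter that reads `rpm -V` output and reports only packaged files that are missing or whose content digest changed, skipping edited config files. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Typical use on the affected host:
#   rpm -V openssh-server | rpm_verify_triage
# rpm -V prints one line per file that differs from the package database:
# a flag string (S size, M mode, 5 digest, ..., T mtime), an optional
# file-type marker ("c" = config file), then the path.

rpm_verify_triage() {
    awk '
    # Files that the package owns but that are gone from disk.
    $1 == "missing" {
        print "MISSING " $NF
        next
    }
    # Attribute lines: flag string, optional marker, path.
    $1 ~ /^[S.?][M.?][5.?]/ {
        marker = (NF >= 3) ? $2 : ""
        if (substr($1, 3, 1) != "5") next   # content digest unchanged
        if (marker == "c") next             # edited config file, expected
        print "DIGEST " $NF
    }'
}

# Constructed sample of rpm -V output (not taken from the server in the thread).
constructed_sample() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
S.5....T    /usr/sbin/sshd
.......T    /usr/share/man/man8/sshd.8.gz
missing     /usr/libexec/openssh/sftp-server
EOF
}

constructed_sample | rpm_verify_triage
```

A changed digest on a non-config file such as `/usr/sbin/sshd` is the result that supports the substituted-daemon theory. `rpm -V` trusts the local rpm binary and database, so on a host already suspected of compromise a clean result is weaker evidence than a dirty one.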