[CentOS] CentOS6 - Break in attempt? What is the Exploit?

Mon Sep 21 09:41:29 UTC 2015
Eero Volotinen <eero.volotinen at iki.fi>

Well, sounds like some automatic deployment tool? Error in IP address or
other configuration failure?

http://stackoverflow.com/questions/6356212/ant-scp-task-failure

--
Eero

2015-09-21 11:29 GMT+03:00 James B. Byrne <byrnejb at harte-lyne.ca>:

> This morning's log review revealed this sshd log entry on one of our
> web services hosts:
>
>  Received disconnect:
>     11: disconnected by user : 2 Time(s)
>     3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170 : 1 Time(s)
>
>
> The IP address used is that of a public facing database query page for
> our freight transit information. It is itself a virtual IP address
> hosted on the system reporting the error.  In other words, if this
> were a legitimate connection then the situation would be that of an
> ssh client connecting to an sshd server running on the same host
> albeit each using a different IP address.  In other words, the
> hostkeys would be identical.
>
> It seems to me that someone attempted an ssh connection while spoofing
> our internal address.  Is such a thing even possible? If so then how
> does it work?
>
> What is com.jcraft.jsch?
>
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
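
Added example, not part of either message above: the quoted log summary drops the connecting address, but the raw sshd lines keep it, and the text after the reason code is supplied by the client (JSch puts the host it was dialing into "reject HostKey: ..."). This sketch assumes the "Received disconnect from <addr>: <code>: <text>" line format written by CentOS 6's sshd; the sample lines and the 192.0.2.10 and 198.51.100.7 addresses are constructed.

```python
import re
from collections import Counter

# SSH disconnect reason codes from RFC 4253, section 11.1 (subset).
REASONS = {2: "PROTOCOL_ERROR", 3: "KEY_EXCHANGE_FAILED", 11: "BY_APPLICATION"}

# Raw sshd line: the peer address comes from the socket, the rest from the client.
LINE = re.compile(
    r"sshd\[\d+\]: Received disconnect from (?P<src>\S+?): "
    r"(?P<code>\d+): (?P<msg>.*)$")
# Text a JSch client sends when it refuses the server's host key.
JSCH = re.compile(r"com\.jcraft\.jsch\.JSchException: reject HostKey: (?P<target>\S+)")

# Constructed sample lines (not taken from the poster's logs).
SAMPLE = [
    "Sep 21 03:12:01 web1 sshd[4211]: Received disconnect from 192.0.2.10: 3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170",
    "Sep 21 03:15:40 web1 sshd[4302]: Received disconnect from 198.51.100.7: 11: disconnected by user",
    "Sep 21 03:15:59 web1 sshd[4310]: Received disconnect from 198.51.100.7: 11: disconnected by user",
    "Sep 21 03:20:00 web1 sshd[4400]: Accepted publickey for deploy from 192.0.2.10 port 51234 ssh2",
]
# Assumed: every address bound on the host, virtual IPs included.
LOCAL_ADDRS = {"192.0.2.10", "216.185.71.170", "127.0.0.1", "::1"}

def parse_disconnects(lines):
    events = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a disconnect record
        code = int(m.group("code"))
        j = JSCH.search(m.group("msg"))
        events.append({
            "src": m.group("src"),                          # who actually connected
            "reason": REASONS.get(code, "code %d" % code),
            "jsch_target": j.group("target") if j else None,  # host the client dialed
        })
    return events

def jsch_rejects_by_source(events, local_addrs):
    """Count JSch host-key rejections per (source, origin, dialed host)."""
    counts = Counter()
    for e in events:
        if e["jsch_target"]:
            origin = "local" if e["src"] in local_addrs else "remote"
            counts[(e["src"], origin, e["jsch_target"])] += 1
    return counts

if __name__ == "__main__":
    print(dict(jsch_rejects_by_source(parse_disconnects(SAMPLE), LOCAL_ADDRS)))
```

A "local" source for a rejection naming one of the host's own addresses points at a Java job on the same machine holding a stale or missing known_hosts entry for that address.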