Date: Fri, 12 Nov 1999 14:55:17 -0500
From: Niels Provos <provos@citi.umich.edu>
To: Ollivier Robert <roberto@eurocontrol.fr>, freebsd-ports@freebsd.org
Cc: markus@openbsd.org
Subject: Re: Weird problem with OpenSSH
Message-ID: <199911121955.OAA18322@india.citi.umich.edu>
In-Reply-To: provos@openbsd.org, Fri, 12 Nov 1999 13:44:29 CST
In message <199911121944.NAA28263@x40.deja.com>, provos@openbsd.org writes:

>debug: Remote protocol version 1.5, remote software version 1.2.26
>debug: Waiting for server public key.
>Warning: Server lies about size of server host key,
>Warning: this may be due to an old implementation of ssh.
>Warning: (actual size 1023 bits, announced size 1024 bits)

This means that the key on freefall has been generated with a buggy
version of ssh-keygen that pretended to create a 1024 bit key but only
created a 1023 bit one. ssh-1.2.27 is lying about key sizes because it
never checks them, whereas OpenSSH does.

>debug: Received server public key (768 bits) and host key (1023 bits).
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>The host key for freefall.freebsd.org has changed,
>but the key for the according IP address 204.216.27.21 has
>a different status. This could either mean that DNS
>SPOOFING is happening or the IP address for the host
>and its host key have changed at the same time
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>@    WARNING: HOST IDENTIFICATION HAS CHANGED!            @
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>Someone could be eavesdropping on you right now (man-in-the-middle attack)!
>It is also possible that the host key has just been changed.

OpenSSH now also records the IP address with the hostname in the
known_hosts file to check for example for DNS spoofing. In your case I
presume the following happened: the key for freefall changed, and you
used OpenSSH for the first time. When OpenSSH receives the public key
from the server it notices:

1. the key in known_hosts labeled freefall.freebsd.org is different
   from the one that I just received

2. the IP address for that host has no entry in the known_hosts file
   that corresponds to the entry of freefall.freebsd.org, so DNS
   spoofing might be happening. This is also true if there is no entry
   for the IP address itself, which can happen when you didn't use
   OpenSSH before.

I hope this explanation helps a bit,
Niels.
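The two-step check Niels describes above, as an added illustration (not code from the post or from OpenSSH): a small model of a known_hosts file holding both hostname and IP entries, with the status of each compared the way the message explains. The file format, key strings and the `check_host_key` helper are constructed assumptions; real OpenSSH uses its own key formats and parser.

```python
from typing import Dict

# Constructed known_hosts content, "name keytype key" per line: the hostname
# entry exists but the IP entry does not (first connection with OpenSSH).
KNOWN_HOSTS = """\
freefall.freebsd.org ssh-rsa AAAA-old-key
other.example ssh-rsa AAAA-other-key
"""

def parse_known_hosts(text: str) -> Dict[str, str]:
    """Map each recorded name (hostname or IP address) to its key string."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, _keytype, key = line.split(None, 2)
        for name in names.split(","):   # one line may carry several names
            table[name] = key
    return table

def entry_status(known: Dict[str, str], name: str, received: str) -> str:
    """'new' if no entry, 'ok' if it matches the received key, else 'changed'."""
    recorded = known.get(name)
    if recorded is None:
        return "new"
    return "ok" if recorded == received else "changed"

def check_host_key(known: Dict[str, str], hostname: str, ip: str,
                   received: str) -> Dict[str, object]:
    """Return the warnings the client would raise for (hostname, ip, key)."""
    host_status = entry_status(known, hostname, received)
    ip_status = entry_status(known, ip, received)
    host_changed = host_status == "changed"
    # The hostname entry mismatches while the IP entry is in a different
    # state (missing, or already matching the new key): either DNS is being
    # spoofed or host and address changed together, so the warning fires.
    dns_spoofing = host_changed and ip_status != "changed"
    return {"host_status": host_status, "ip_status": ip_status,
            "host_changed": host_changed, "dns_spoofing": dns_spoofing}

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    # Reproduces the situation in the post: hostname entry changed, no IP entry.
    print(check_host_key(known, "freefall.freebsd.org", "204.216.27.21",
                         "AAAA-new-key"))
```

Adding a matching IP line to the constructed file (so both entries are stale) yields only the host-changed result, which is the "changed at the same time" case the warning text mentions.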