ardlian.net » ssh rsa man-in-the-middle attack http://ardlian.net just another think of me Wed, 11 Aug 2010 15:29:09 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ http://ardlian.net/2008/07/warning-remote-host-identification-has-changed/ http://ardlian.net/2008/07/warning-remote-host-identification-has-changed/#comments Wed, 23 Jul 2008 05:41:31 +0000 ardlian http://ardlian.wordpress.com/?p=85

Ardlian@the-dark:~$ ssh ardlixx@222.xxx.xxx.xxx
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
47:13:a0:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/ardlian/.ssh/known_hosts to get rid of this message.
Offending key in /home/ardlian/.ssh/known_hosts:5
RSA host key for 222.xxx.xxx.xx has changed and you have requested strict checking.
Host key verification failed.

biasa.. baru newbie menghadapi pesan seperti di atas jadi bingung… wke… setelah kontak sama server adminnya dan ternyata tidadk ada perubahan RSA key, gedubrak.. jadi tambbah bingung..

Tapi th3c0d3 pada dasarnya adalah orang yang cerdas, dia berpikir selama ada google semua bisa diatasi wke.. wke… dia dapa link ini . Oke pada intinya dari artikel dari link tersebut ada dua solusi,

Solusi 1

Jika SSH server kita cuma 1<Tinggal delet aja file known_hosts>

Maka langkah yang di ambil adalah :

rm .ssh/known_hosts
ssh ras.mydomain.com

Solusi 2

Jika SSH server kita lebih dari atu <tingal delet aja rsa key server tersebut>

1. Edit file known_hosts

vi +2 .ssh/known_hosts

2. Delet baris yang menunjukan rsa server 222.1xx.xxx.xx, kasus di atas adalah rsa yang kelima di tunjukkan oleh pesan erro “Offending key in /home/ardlian/.ssh/known_hosts:5“. untuk delet baris ketikkan command

dd

3. Kemudian save dan exit dengan command

:wq

coba login dengan SSh lagi, Jika berhasil maka

ardlian@the-dark:~$ ssh sixxxx@222.xxx.xxx.xxx
The authenticity of host ‘222.xxx.xxx.xxx (222.xxx.xxx.xxx)’ can’t be established.
RSA key fingerprint is 47:13:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘222.xxx.xxx.xxx’ (RSA) to the list of known hosts.
Password:
Last login: Tue Jul 22 16:18:39 2008 from 222.xxx.xxx.xxx
sixxxx@portxxxx:~>

Just For newbie

===========================================================================

Hal di atas disebabkan karena saat pertama kali th3c0d3 connect ssh server 222.xxx.xxx.xxx menggunakan IP yang berbeda dengan saat dia mendapatkan WARNING dari the-dark

===========================================================================

ref:

http://www.cyberciti.biz/faq/warning-remote-host-identification-has-changed-error-and-solution/

Share/Bookmark

]]> http://ardlian.net/2008/07/warning-remote-host-identification-has-changed/feed/ 2