SSH Server Host Keys Changed?

Upon attempting to login via ssh, PuTTY provides the following warning:

WARNING - POTENTIAL SECURITY BREACH!

The server's host key does not match the one PuTTY has cached in the registry. (other explanatory text follows, as well as the new RSA2 key fingerprint offerred by the server)

From the PuTTY manual:
"10.2 ‘WARNING - POTENTIAL SECURITY BREACH!’

This message, followed by ‘The server's host key does not match the one PuTTY has cached in the registry’, means that PuTTY has connected to the SSH server before, knows what its host key should be, but has found a different one.

This may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the administrator of your server has accidentally changed the key while upgrading the SSH software; this shouldn't happen but it is unfortunately possible.

You should contact your server's administrator and see whether they expect the host key to have changed. If so, verify the new host key in the same way as you would if it was new. "

Did Dreamhost change host key's on us?

-rlparker

In reply to:
Did Dreamhost change host key's on us?

I used PuTTY to connect to my server ('Bixel') a little while ago and I didn't see anything out of the ordinary.

Mark

Thanks for the response, Mark! FWIW, the server I was connecting to was 'Genki'.

--rlparker

In reply to:
the server I was connecting to was 'Genki'.

If they did change keys, it doesn't appear to have been a system wide thing, perhaps just a box or two.

Mark

It's been a while since I SSH'd to my account but just tried connecting to Grant and also received a key change warning. Unfortunately, at the moment I can't compare the known_hosts file on the machine I'm on with another one I have.

[I thought the IP was also different but I made a typo doing the lookup]

Edited by extra88 on 07/03/06 02:37 PM (server time).

Just heard back from support, the host key had indeed changed. Good to know there's nothing nefarious going on. A notice would have been nice.

In reply to:
A notice would have been nice

My feelings exactly.

--rlparker

In February I got a similar error sshing from one domain to another (on one server). I got this response from support:

In reply to:
Our keys do indeed change from time to time, when the server is moved to new hardware. The current key fingerprint for 'your-server.dreamhost.com' is: blah:blah ssh_host_rsa_key.pub

which gave some relief, but the message went on to say:

In reply to:
So it would indeed look like you're going to the wrong server. I would check your machine for trojans and backdoors, as well as check any machine on your network that you have control of, as someone might just be upto no good.

which was cause for concern. They apparently didn't catch that I was sshing from server to server because they said:

In reply to:
The known_hosts file is stored on your local machine, so we would not be able to change it at all.

so I just deleted that file on the server, and went on.

Works ok since then, and new attendees at my political meetings have been on the increase too. I'd say more, but the NSL they gave me when demanding membership records says I can't.

tor.eff.org

http://status.dreamhost.com/index.php?s=genki

SSH Server Host Keys Changed?