vB Easy Archive - man-in-the-middle attack??? OpenSSH Problems

Pages: 1

man-in-the-middle attack??? OpenSSH Problems
(Click here to view the original thread with full colors/images)

Posted by: tony_stacks

I've had OpenSSH on my jailbroken iPhone(1.1.4) for a while and was always able to ssh into the iPhone from my Mac using Terminal with no problems until now.

After a restore through iTunes, I went through the jailbreak process again (using ZiPhone 2.5c). I've reinstalled all my apps, including OpenSSH, and when I tried to logon for the first time I got this message:

Last login: Tue Mar 11 23:40:28 on ttys000
anthony-vasquezs-macbook-pro-15:~ tony$ ssh root@192.168.0.5
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5e:ec:09:92:2b:b2:1d:a7:7d:56:ab:ac:3e:fb:9a:d0.
Please contact your system administrator.
Add correct host key in /Users/tony/.ssh/known_hosts to get rid of this message.
Offending key in /Users/tony/.ssh/known_hosts:3
RSA host key for 192.168.0.5 has changed and you have requested strict checking.
Host key verification failed.

Anyone have any ideas on how to resolve this? You think someone is really eavesdropping on me?

Posted by: freezefire

This just means that the RSA key that your SSH client on your computer had saved for the iPhone SSH, is not the same anymore. The RSA key gets generated by the SSH server app on the iphone at first connection.. so if you had to reinstall everything of course it changed. Nothing to worry about

Posted by: stonith

Quote:

Originally Posted by tony_stacks

Add correct host key in /Users/tony/.ssh/known_hosts to get rid of this message.
Offending key in /Users/tony/.ssh/known_hosts:3
RSA host key for 192.168.0.5 has changed and you have requested strict checking.
Host key verification failed.
[/B]

Anyone have any ideas on how to resolve this? You think someone is really eavesdropping on me?

Tony,

As the error says, go and edit the file "/Users/tony/.ssh/known_hosts" and remove the third entry and save the file.

Posted by: RNF1968

You can also try this from Terminal on your Mac:

rm /Users/tony/.ssh/known_hosts

I believe it does the same thing as stonith said.

Posted by: tony_stacks

Quote:

Originally Posted by stonith

Tony,

As the error says, go and edit the file "/Users/tony/.ssh/known_hosts" and remove the third entry and save the file.

Perfect...this did the trick. Thanks! Being pretty much a noob regarding shh and terminal I was afraid I screwed something up or somene was snooping around in my computer.

Posted by: TechGuy40

I wouldn't be so quick to assume its because of a restore. I work in a shop, and use OpenSSH on all my phones I unlock and sell. Never have I seen this error on WinSCP, or the phone. No matter how many diferent phones I use, or how many times I restore my own phone.

Posted by: stonith

Quote:

Originally Posted by TechGuy40

I wouldn't be so quick to assume its because of a restore. I work in a shop, and use OpenSSH on all my phones I unlock and sell. Never have I seen this error on WinSCP, or the phone. No matter how many diferent phones I use, or how many times I restore my own phone.

Well restore is partly to blame, but what is really happening is, he reinstalled the SSH Server program on his iPHONE and it regenerated completely different key than what was used before. Now all the previous programs that connected to that IP before stores its key cache, and obviously its not matching up with the newly generated one from a fresh OpenSSH Server install on the iphone.

Hardly a man-in-the-middle attack, since he was the one that performed the reinstall. I get this all the time when I re-ip or do a takeover of a server and have to delete the old cached key from my SSH program.

Posted by: richy240

Doesn't anyone search anymore? And better yet, can someone lock this thread since it's already been covered over and over again?

Posted by: RNF1968

Quote:

Originally Posted by richy240

Doesn't anyone search anymore? And better yet, can someone lock this thread since it's already been covered over and over again?

Great input! Thanks for your help!