SSH Server Host Keys Changed?


#1

Upon attempting to login via ssh, PuTTY provides the following warning:

WARNING - POTENTIAL SECURITY BREACH!

The server’s host key does not match the one PuTTY has cached in the registry. (other explanatory text follows, as well as the new RSA2 key fingerprint offered by the server)

From the PuTTY manual:
"10.2 ‘WARNING - POTENTIAL SECURITY BREACH!’

This message, followed by ‘The server’s host key does not match the one PuTTY has cached in the registry’, means that PuTTY has connected to the SSH server before, knows what its host key should be, but has found a different one.

This may mean that a malicious attacker has replaced your server with a different one, or has redirected your network connection to their own machine. On the other hand, it may simply mean that the administrator of your server has accidentally changed the key while upgrading the SSH software; this shouldn’t happen but it is unfortunately possible.

You should contact your server’s administrator and see whether they expect the host key to have changed. If so, verify the new host key in the same way as you would if it was new. "

Did Dreamhost change host keys on us?

-rlparker


#2

I used PuTTY to connect to my server (‘Bixel’) a little while ago and I didn’t see anything out of the ordinary.

Mark



#3

Thanks for the response, Mark! FWIW, the server I was connecting to was ‘Genki’.

–rlparker


#4

If they did change keys, it doesn’t appear to have been a system wide thing, perhaps just a box or two.

Mark



#5

It’s been a while since I SSH’d to my account but just tried connecting to Grant and also received a key change warning. Unfortunately, at the moment I can’t compare the known_hosts file on the machine I’m on with another one I have.

[I thought the IP was also different but I made a typo doing the lookup]


#6

Just heard back from support, the host key had indeed changed. Good to know there’s nothing nefarious going on. A notice would have been nice.


#7

My feelings exactly.

–rlparker


#8

In February I got a similar error sshing from one domain to another (on one server). I got this response from support:

which gave some relief, but the message went on to say:

which was cause for concern. They apparently didn’t catch that I was sshing from server to server because they said:

so I just deleted that file on the server, and went on.

Works ok since then, and new attendees at my political meetings have been on the increase too. I’d say more, but the NSL they gave me when demanding membership records says I can’t.

tor.eff.org


#9

http://status.dreamhost.com/index.php?s=genki


#10

I think we (or rather, DreamHost) can do better on this front. I’ve started making inroads. Have documented progress here: http://wiki.dreamhost.com/Talk:Security#DreamHost_SSH_key_fingerprints


#11

Please go here and vote for DreamHost to make this easy!


#12

Well, better late than never. It seems that some of the most important core features, at least security-wise, take a small tragedy before they are implemented. The password breach at the beginning of the year finally got our passwords stored in an unrecoverable format. And whatever secret event that DH won’t own up to which forced a reset of all SSH keys a few months ago has finally pushed DH to put the keys in the panel: https://panel.dreamhost.com/index.cgi?tree=users.sshkeys&

Thanks DH. I’m glad it’s available now so I don’t have to exchange 5-6 emails with support next time asking them to verify the fingerprint.

Now if we could just tighten up the database security issues…
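
Added example, not part of the thread: one way to do the check the PuTTY manual describes, comparing the fingerprint of the key a server offers against one published out of band (for instance in a hosting panel). The host name, the key bytes and the "published" value are constructed placeholders, not real DreamHost keys; the script derives the colon-separated MD5 and the SHA256 fingerprint forms from a `known_hosts` or `.pub` line.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprints(key_line):
    """Return the MD5 and SHA256 fingerprints of a known_hosts or .pub line."""
    fields = key_line.split()
    # known_hosts is "host type base64"; a .pub file is "type base64 [comment]".
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no SSH public key found in line")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; check it.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[idx].encode():
        raise ValueError("key type does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches_published(key_line, published):
    """True only if the key hashes to the fingerprint obtained out of band."""
    fps = fingerprints(key_line)
    published = published.strip()
    if published.startswith("SHA256:"):
        return fps["sha256"] == published
    if published.upper().startswith("MD5:"):
        published = published[4:]
    return fps["md5"] == published.lower()

def constructed_key_line(host, seed):
    """Build a well-formed ssh-rsa line from constructed bytes (not a usable key)."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + hashlib.sha512(seed).digest() * 4
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample data: the key cached before the change and the key now offered.
CACHED = constructed_key_line("server.example.invalid", b"old")
OFFERED = constructed_key_line("server.example.invalid", b"new")
PUBLISHED = fingerprints(OFFERED)["md5"]  # stands in for the provider's published value

if __name__ == "__main__":
    for label, line in (("cached", CACHED), ("offered", OFFERED)):
        print(label, fingerprints(line)["md5"], matches_published(line, PUBLISHED))
```

Accept the new key only when the offered key matches a fingerprint obtained through a channel other than the SSH connection itself.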