Timeout's picture

I did a system upgraded for two computers, which can ssh each other without a password. After I reboot, i got the following message

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d8:6e:d7:61:8e:b8:0c:ef:6d:a3:3a:36:b5:1d:c2:fc.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
 
I corrected them manually. However, everytime I reboot, the system seems will change default RSA again, any idea why? What is the solution?
 
J.
Forum: 
Timeout's picture

 

root@OSCAR-SLAVE /etc/ssh# ls -la
total 156
drwxr-xr-x   2 root root   4096 Mar  8 09:51 .
drwxr-xr-x 107 root root   4096 Mar  8 09:51 ..
-rw-r--r--   1 root root 125749 May 19  2010 moduli
-rw-r--r--   1 root root   1616 May 19  2010 ssh_config
-rw-------   1 root root    668 Mar  8 09:51 ssh_host_dsa_key
-rw-r--r--   1 root root    606 Mar  8 09:51 ssh_host_dsa_key.pub
-rw-------   1 root root   1675 Mar  8 09:51 ssh_host_rsa_key
-rw-r--r--   1 root root    398 Mar  8 09:51 ssh_host_rsa_key.pub
-rw-r--r--   1 root root   2453 Dec 19  2010 sshd_config
 
It looks like that those keys changed after every reboot, how do I stop this?
 
J.
Timeout's picture

I think inithook has a bug here.

Jeremy Davis's picture

I'm assuming that you did 'apt-get upgrade'?

It is possible that you are right as I noticed that Alon (TKL core dev) updated inithooks to make it compatible with the new Debian release:

Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init)

Assuming that it may be an inithooks bug, then you could double check the inithooks config. There should be enough info in the TKL docs about it to head you in the right direction there.

You could also try downgrading the package (back to what it was). All the upgraded packages should be in /var/cache/apt/archives (unless you've run 'apt-get clean'). If you haven't cleaned up for a while you may even have a previous version in there which you could downgrade to, otherwise you'll have to manually download a previous version from the TKL repo (check your /etc/apt/sources.list for that). Then manually install the older version: 'dpkg -i <package-name>.deb'.

Sorry I haven't got time to give you any more detailed info/help with this. If you confirm that it is a bug in inithooks then it'd be great if you could log a biug.

Timeout's picture

Hi Gabriel,

Thanks. I used the following command

 

update-rc.d -f inithooks remove

Add new comment