This means that someone changed the rsa key on the PIX and that is only became active after the reboot. Verify with your guys that they changed nothing - otherwise it could be a sort of "attack"
-----Original Message----- From: Jens von B|low [mailto:[EMAIL PROTECTED]] Sent: 10 February 2003 12:41 To: [EMAIL PROTECTED] Subject: pix: ssh - warning: remote host identification has changed [7:62737] Greetings, [jens@workstation jens]$ ssh @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA1 host key has just been changed. The fingerprint for the RSA1 key sent by the remote host is ba:07:12:e4:ed:21:7f:d3:45:07:6b:37:fc:36:0a:04. Please contact your system administrator. Add correct host key in /home/jens/.ssh/known_hosts to get rid of this message. Offending key in /home/jens/.ssh/known_hosts:2 RSA1 host key for cf17.jhb.nha.co.za has changed and you have requested strict checking. Host key verification failed. I am not sure under what conditions the ssh key for a PIX 515 would change - I have confirmed that it is not a DNS problem and confirmed that there are no private machines in between the workstation and the PIX firewall. I do know that we hade maintenance work done on the power in the computer room over the weekend = a reboot of the PIX - but why would that cause a change to its identification? Any clues/pointers? Thanks & Regards Jens Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62743&t=62743 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
