Buraque
asked on
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Cannot SSH to a remote server
Hi,
Server is running CentOS 3.4, cPanel and Web Host Manager installed.
After I have installed APF, I cannot connect with SSH anymore.
Here is what I got, when I try to ssh:
@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d3:d9:7f:9a:e8:c8:0d:2e:5e :bf:49:86: e7:02:87:7 c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for kanmonline.net has changed and you have requested strict checki ng.
Host key verification failed.
Since this is a remote server, I cannot edit any configuration file without SSH.
Is there any other way than SSH, to let me access as root, and edit the files like known_hosts and other .conf files?
Server is running CentOS 3.4, cPanel and Web Host Manager installed.
After I have installed APF, I cannot connect with SSH anymore.
Here is what I got, when I try to ssh:
@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d3:d9:7f:9a:e8:c8:0d:2e:5e
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for kanmonline.net has changed and you have requested strict checki ng.
Host key verification failed.
Since this is a remote server, I cannot edit any configuration file without SSH.
Is there any other way than SSH, to let me access as root, and edit the files like known_hosts and other .conf files?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have to edit that file on the PC you are using to connect with, not on the server. If you are trying to connect as root then the file is in /root/.ssh/known_hosts. At least if you are using a linux OS on your client.
ASKER
Oh!
I see.
I will try it on my linux laptop. But right now I am using winXp. Do you know where to edit in Windows system?
I see.
I will try it on my linux laptop. But right now I am using winXp. Do you know where to edit in Windows system?
No Idea. What client are you using there?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am using putty. It gives access denied error. But I am sure I am using correct root password.
Because I can login WHM as root with same password.
Because I can login WHM as root with same password.
PuTTY will let you accept or deny connect to the host in question.
just click on "accept" and the new key will be stored in the putty registry.
just click on "accept" and the new key will be stored in the putty registry.
ASKER
Strangely, When I try ssh command in linux, connection fails with the above message.
But when I use putty in windows, it doesn't ask any questions.
It is just:
user: root
password for root@domain.net: ******
Access Denied
But when I use putty in windows, it doesn't ask any questions.
It is just:
user: root
password for root@domain.net: ******
Access Denied
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Redimido
that helped for sure.
Problem still persists but I just realized the the problem. I think I disabled root login via ssh when I am trying to tweak the server for security. I tried to log in with another user and I could. However, all users have access permisions for their own folder only. So with that user I cannot edit/change any conf. file I think (?)
Is there any way to do that?
that helped for sure.
Problem still persists but I just realized the the problem. I think I disabled root login via ssh when I am trying to tweak the server for security. I tried to log in with another user and I could. However, all users have access permisions for their own folder only. So with that user I cannot edit/change any conf. file I think (?)
Is there any way to do that?
> Because I can login WHM as root with same password.
> I think I disabled root login via ssh
Login as regular user and do
su -
to switch to root, then edit /etc/ssh/sshd_config :
PermitRootLogin yes
Restart sshd
/etc/init.d/sshd restart
Or you disable root login in other configuration file, just reverse what you did.
> I think I disabled root login via ssh
Login as regular user and do
su -
to switch to root, then edit /etc/ssh/sshd_config :
PermitRootLogin yes
Restart sshd
/etc/init.d/sshd restart
Or you disable root login in other configuration file, just reverse what you did.
ASKER
I did as what you told.
su - asked me a password (I assume root pw)
I entered root password, but it says "incorrect password"
I know for sure, the password I have written is correct. Because I can access WHM as root with same password.
su - asked me a password (I assume root pw)
I entered root password, but it says "incorrect password"
I know for sure, the password I have written is correct. Because I can access WHM as root with same password.
What does WHM stand for?
Does WHM root password the same as CentOS 3.4 console root password?
Does WHM root password the same as CentOS 3.4 console root password?
I think you do not have the correct password.
it is easy to change the password if you have direct access to the computer
bu remotely... mmhh... it will be difficult.
please remember correct root password. it should not be the same of an app. password.
it is easy to change the password if you have direct access to the computer
bu remotely... mmhh... it will be difficult.
please remember correct root password. it should not be the same of an app. password.
ASKER
WHM stands for Web Host Manager, it is an application to control all accounts in the server, an extension of cPanel. I am not a web host, but I have several personal accounts in a dedicated server.
and yes, WHM password is same with the console root password. When I purchase the server, ISP gave me a root password and I changed it for security reasons.
I have both passwords now. But both not working in su - command.
I am gonna contact my ISP I guess, for last resort.
and yes, WHM password is same with the console root password. When I purchase the server, ISP gave me a root password and I changed it for security reasons.
I have both passwords now. But both not working in su - command.
I am gonna contact my ISP I guess, for last resort.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> But both not working in su - command.
I suspect the root password has been reset by your ISP.
I suspect the root password has been reset by your ISP.
ASKER
I am using this server for about 6 months now.
You can change your root password using WHM. And I changed my root password several times. And everytime I do that, my new password worked as SSH root password as well.
I think problem is, I disabled the root access in sshd configuration. I will ask my ISP to enable again.
You can change your root password using WHM. And I changed my root password several times. And everytime I do that, my new password worked as SSH root password as well.
I think problem is, I disabled the root access in sshd configuration. I will ask my ISP to enable again.
> I disabled the root access in sshd configuration.
However, how to explain that you can not do "su -" to gain root access?
Unless you also disable "su -" or "su" in PAM or some security configuration files.
However, how to explain that you can not do "su -" to gain root access?
Unless you also disable "su -" or "su" in PAM or some security configuration files.
ASKER
> However, how to explain that you can not do "su -" to gain root access?
> Unless you also disable "su -" or "su" in PAM or some security configuration files.
I don't know. I actually enabled "su -" for one user. And if I disable it, I won't ask for password right?
> Unless you also disable "su -" or "su" in PAM or some security configuration files.
I don't know. I actually enabled "su -" for one user. And if I disable it, I won't ask for password right?
Buraque
it looks like that process to enable one user to use "su", could have been part of the problem itself. maybe that configuration is the one disabling you to "su" to root.
if that's the case, then changing root password will not help you at all.
to verify it, you can talk with your isp and ask them if they can login as root using your actual password. If they can, then just in order to fix what you did, ask them to enable root access in ssh, and restart the sshd daemon.
then fix the problem and consider using keys next time, and not only passwords.
it looks like that process to enable one user to use "su", could have been part of the problem itself. maybe that configuration is the one disabling you to "su" to root.
if that's the case, then changing root password will not help you at all.
to verify it, you can talk with your isp and ask them if they can login as root using your actual password. If they can, then just in order to fix what you did, ask them to enable root access in ssh, and restart the sshd daemon.
then fix the problem and consider using keys next time, and not only passwords.
ASKER
As I suspected
Disabling root access in sshd configuration, also disables to "su -" to the root from any user.
My ISP enabled root SSH access again, and problem solved
thanks veryone
Disabling root access in sshd configuration, also disables to "su -" to the root from any user.
My ISP enabled root SSH access again, and problem solved
thanks veryone
he...
and we got a "b" because we didn't got to the point? hehehehe
it's okay. but consider using keys instead passwords for sensitive tasks.
and we got a "b" because we didn't got to the point? hehehehe
it's okay. but consider using keys instead passwords for sensitive tasks.
Thanks.
ASKER
I am trying to connect a remote server as root, not one of the users. I was able to do that, but somehow I probably screwed some firewal settings, I'm not sure, now I cannot connect at all.
Therefore I cannot edit any any files, including known_hosts. I am searching a way to edit that file other than SSH.with cPanel or whm maybe?