Link to home
Start Free TrialLog in
Avatar of Buraque
Buraque

asked on

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Cannot SSH to a remote server

Hi,

Server is running CentOS 3.4, cPanel and Web Host Manager installed.
After I have installed APF,  I cannot connect with SSH anymore.

Here is what I got, when I try to ssh:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d3:d9:7f:9a:e8:c8:0d:2e:5e:bf:49:86:e7:02:87:7c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for kanmonline.net has changed and you have requested strict checki ng.
Host key verification failed.

Since this is a remote server, I cannot edit any configuration file without SSH.
Is there any other way than SSH, to let me access as root, and edit the files like known_hosts and other .conf files?
SOLUTION
Avatar of rindi
rindi
Flag of Switzerland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Buraque
Buraque

ASKER

I think I couldn't be clear on this.

I am trying to connect a remote server as root, not one of the users. I was able to do that, but somehow I probably screwed some firewal settings, I'm not sure, now I cannot connect at all.

Therefore I cannot edit any any files, including known_hosts. I am searching a way to edit that file other than SSH.with cPanel or whm maybe?
You have to edit that file on the PC you are using to connect with, not on the server. If you are trying to connect as root then the file is in /root/.ssh/known_hosts. At least if you are using a linux OS on your client.
Avatar of Buraque

ASKER

Oh!
I see.

I will try it on my linux laptop. But right now I am using winXp. Do you know where to edit in Windows system?
No Idea. What client are you using there?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Buraque

ASKER

I am using putty. It gives access denied error. But I am sure I am using correct root password.
Because I can login WHM as root with same password.
PuTTY will let you accept or deny connect to the host in question.

just click on "accept" and the new key will be stored in the putty registry.
Avatar of Buraque

ASKER

Strangely, When I try ssh command in linux, connection fails with the above message.
But when I use putty in windows, it doesn't ask any questions.
It is just:
user: root
password for root@domain.net: ******
Access Denied

ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Buraque

ASKER

Thanks Redimido
 that helped for sure.
Problem still persists but I just realized the the problem. I think I disabled root login via ssh when I am trying to tweak the server for security. I tried to log in with another user and I could. However, all users have access permisions for their own folder only. So with that user I cannot edit/change any conf. file I think (?)
Is there any way to do that?
> Because I can login WHM as root with same password.
> I think I disabled root login via ssh
Login as regular user and do
su -
to switch to root, then edit /etc/ssh/sshd_config :
PermitRootLogin yes

Restart sshd
/etc/init.d/sshd restart

Or you disable root login in other configuration file, just reverse what you did.
Avatar of Buraque

ASKER

I did as what you told.
su - asked me a password (I assume root pw)
I entered root password, but it says "incorrect password"

I know for sure, the password I have written is correct. Because I can access WHM as root with same password.

What does WHM stand for?
Does WHM root password the same as CentOS 3.4 console root password?
I think you do not have the correct password.

it is easy to change the password if you have direct access to the computer

bu remotely... mmhh... it will be difficult.

please remember correct root password. it should not be the same of an app. password.
Avatar of Buraque

ASKER

WHM stands for Web Host Manager, it is an application to control all accounts in the server, an extension of cPanel. I am not a web host, but I have several personal accounts in a dedicated server.

and yes, WHM password is same with the console root password. When I purchase the server, ISP gave me a root password and I changed it for security reasons.
I have both passwords now. But both not working in su -  command.

I am gonna contact my ISP I guess, for last resort.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
> But both not working in su -  command.
I suspect the root password has been reset by your ISP.
Avatar of Buraque

ASKER

I am using this server for about 6 months now.
You can change your root password using WHM. And I changed my root password several times. And everytime I do that, my new password worked as SSH root password as well.
I think problem is, I disabled the root access in sshd configuration. I will ask my ISP to enable again.
> I disabled the root access in sshd configuration.
However, how to explain that you can not do "su -" to gain root access?
Unless you also disable "su -" or "su" in PAM or some security configuration files.
Avatar of Buraque

ASKER

> However, how to explain that you can not do "su -" to gain root access?
> Unless you also disable "su -" or "su" in PAM or some security configuration files.

I don't know. I actually enabled "su -" for one user. And if I disable it, I won't ask for password right?
Buraque

it looks like that process to enable one user to use "su", could have been part of the problem itself. maybe that configuration is the one disabling you to "su" to root.

if that's the case, then changing root password will not help you at all.

to verify it, you can talk with your isp and ask them if they can login as root using your actual password. If they can, then just in order to fix what you did, ask them to enable root access in ssh, and restart the sshd daemon.

then fix the problem and consider using keys next time, and not only passwords.

Avatar of Buraque

ASKER

As I suspected
Disabling root access in sshd configuration, also disables to "su -" to the root from any user.

My ISP enabled root SSH access again, and problem solved
thanks veryone
he...

and we got a "b" because we didn't got to the point? hehehehe


it's okay. but consider using keys instead passwords for sensitive tasks.
Thanks.