[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Cannot SSH to a remote server

Posted on 2005-05-12
25
Medium Priority
?
7,002 Views
Last Modified: 2007-12-19
Hi,

Server is running CentOS 3.4, cPanel and Web Host Manager installed.
After I have installed APF,  I cannot connect with SSH anymore.

Here is what I got, when I try to ssh:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d3:d9:7f:9a:e8:c8:0d:2e:5e:bf:49:86:e7:02:87:7c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for kanmonline.net has changed and you have requested strict checki ng.
Host key verification failed.

Since this is a remote server, I cannot edit any configuration file without SSH.
Is there any other way than SSH, to let me access as root, and edit the files like known_hosts and other .conf files?
0
Comment
Question by:Buraque
  • 10
  • 5
  • 5
  • +2
25 Comments
 
LVL 88

Assisted Solution

by:rindi
rindi earned 300 total points
ID: 13993363
The key you have to change is probably on your client. In the user's folder under whom you are trying to establish the connection, there should be a further folder, .ssh. Here you should find a file known_hosts. Make a copy of this file as backup and either delete it or remove the entry for your remote station.

After that you will probably be issued with a new key once you retry the connection.
0
 
LVL 1

Author Comment

by:Buraque
ID: 13993389
I think I couldn't be clear on this.

I am trying to connect a remote server as root, not one of the users. I was able to do that, but somehow I probably screwed some firewal settings, I'm not sure, now I cannot connect at all.

Therefore I cannot edit any any files, including known_hosts. I am searching a way to edit that file other than SSH.with cPanel or whm maybe?
0
 
LVL 88

Expert Comment

by:rindi
ID: 13993474
You have to edit that file on the PC you are using to connect with, not on the server. If you are trying to connect as root then the file is in /root/.ssh/known_hosts. At least if you are using a linux OS on your client.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
LVL 1

Author Comment

by:Buraque
ID: 13993514
Oh!
I see.

I will try it on my linux laptop. But right now I am using winXp. Do you know where to edit in Windows system?
0
 
LVL 88

Expert Comment

by:rindi
ID: 13993527
No Idea. What client are you using there?
0
 
LVL 38

Assisted Solution

by:wesly_chen
wesly_chen earned 300 total points
ID: 13993667
Which ssh client software do you use?
putty, sshwin or cygwin?

For cygwin,
rm -f ~/.ssh/known_host*
to clean out the keys and regenerate it.
putty shouldn't have this problem since it doesn't store the host keys.
0
 
LVL 1

Author Comment

by:Buraque
ID: 13994563
I am using putty. It gives access denied error. But I am sure I am using correct root password.
Because I can login WHM as root with same password.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 13995665
PuTTY will let you accept or deny connect to the host in question.

just click on "accept" and the new key will be stored in the putty registry.
0
 
LVL 1

Author Comment

by:Buraque
ID: 13995973
Strangely, When I try ssh command in linux, connection fails with the above message.
But when I use putty in windows, it doesn't ask any questions.
It is just:
user: root
password for root@domain.net: ******
Access Denied

0
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 600 total points
ID: 13996042
well

a) in linux, the client stores the server's key in order to check for security. if you upgraded your ssh server then this can happend. in such case, edit your client's ~/.ssh/known_hosts file and delete server's key and try again.
b) in any host, if you tried to connect to your server *after* you upgraded the server's key, then the key that's stored on the client is the new one, so following reconnections will not alert you about any key changed.
c) if you did not upgraded any software, then be warned your server could have been compromised. this is an alarm. check for rootkits and updated files after you reconnect
d) if you didn't changed server's password and suddenly you cannot reconnect, then again you have red alarms there.
e) did you disable root's login via ssh? try using another username (you DO have a second username there, right?)

hope this help
0
 
LVL 1

Author Comment

by:Buraque
ID: 13996200
Thanks Redimido
 that helped for sure.
Problem still persists but I just realized the the problem. I think I disabled root login via ssh when I am trying to tweak the server for security. I tried to log in with another user and I could. However, all users have access permisions for their own folder only. So with that user I cannot edit/change any conf. file I think (?)
Is there any way to do that?
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13997827
> Because I can login WHM as root with same password.
> I think I disabled root login via ssh
Login as regular user and do
su -
to switch to root, then edit /etc/ssh/sshd_config :
PermitRootLogin yes

Restart sshd
/etc/init.d/sshd restart

Or you disable root login in other configuration file, just reverse what you did.
0
 
LVL 1

Author Comment

by:Buraque
ID: 13998471
I did as what you told.
su - asked me a password (I assume root pw)
I entered root password, but it says "incorrect password"

I know for sure, the password I have written is correct. Because I can access WHM as root with same password.

0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 13998619
What does WHM stand for?
Does WHM root password the same as CentOS 3.4 console root password?
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 13998828
I think you do not have the correct password.

it is easy to change the password if you have direct access to the computer

bu remotely... mmhh... it will be difficult.

please remember correct root password. it should not be the same of an app. password.
0
 
LVL 1

Author Comment

by:Buraque
ID: 14001187
WHM stands for Web Host Manager, it is an application to control all accounts in the server, an extension of cPanel. I am not a web host, but I have several personal accounts in a dedicated server.

and yes, WHM password is same with the console root password. When I purchase the server, ISP gave me a root password and I changed it for security reasons.
I have both passwords now. But both not working in su -  command.

I am gonna contact my ISP I guess, for last resort.
0
 
LVL 5

Assisted Solution

by:brabard
brabard earned 300 total points
ID: 14001383
Just a little comment :
It is very unlikely to need the real root password to connect and manage WHM . If I imagine a WEB server machine including Apache , PHP , Perl , MySQL , etc. , I can't see an aplication process that have to run as root .....

I took a look at WHM docs , so they talk about "Server root password" , "MySQL root password" and these ara different things .  So I think the real root password you need to connect via ssh is another .

Best Regards !
Brabard
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 14001408
> But both not working in su -  command.
I suspect the root password has been reset by your ISP.
0
 
LVL 1

Author Comment

by:Buraque
ID: 14001481
I am using this server for about 6 months now.
You can change your root password using WHM. And I changed my root password several times. And everytime I do that, my new password worked as SSH root password as well.
I think problem is, I disabled the root access in sshd configuration. I will ask my ISP to enable again.
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 14001549
> I disabled the root access in sshd configuration.
However, how to explain that you can not do "su -" to gain root access?
Unless you also disable "su -" or "su" in PAM or some security configuration files.
0
 
LVL 1

Author Comment

by:Buraque
ID: 14001816
> However, how to explain that you can not do "su -" to gain root access?
> Unless you also disable "su -" or "su" in PAM or some security configuration files.

I don't know. I actually enabled "su -" for one user. And if I disable it, I won't ask for password right?
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 14004846
Buraque

it looks like that process to enable one user to use "su", could have been part of the problem itself. maybe that configuration is the one disabling you to "su" to root.

if that's the case, then changing root password will not help you at all.

to verify it, you can talk with your isp and ask them if they can login as root using your actual password. If they can, then just in order to fix what you did, ask them to enable root access in ssh, and restart the sshd daemon.

then fix the problem and consider using keys next time, and not only passwords.

0
 
LVL 1

Author Comment

by:Buraque
ID: 14005592
As I suspected
Disabling root access in sshd configuration, also disables to "su -" to the root from any user.

My ISP enabled root SSH access again, and problem solved
thanks veryone
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 14007877
he...

and we got a "b" because we didn't got to the point? hehehehe


it's okay. but consider using keys instead passwords for sensitive tasks.
0
 
LVL 88

Expert Comment

by:rindi
ID: 14017396
Thanks.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question