Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'AFP over SSH Tunnel' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
AFP over SSH Tunnel
Authored by: landis on Mar 02, '07 02:24:32PM
Now this should definitely be a standalone hint. Thank you so much!

I could still use a little more help tho. I've gone through the steps and can't get it to work. To check things I tried to SSH from my laptop (REMOTE) to my desktop (SERVER) going through the dyndns URL. This is what keeps popping up on the laptop:


REMOTE:~ landis$ ssh landis@server.dyndns.net
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for server.dyndns.net has changed,
and the key for the according IP address xx.xxx.xxx.xxx
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
LONG KEY STRING REDACTED.
Please contact your system administrator.
Add correct host key in /Users/landis/.ssh/known_hosts to get rid of this message.
Offending key in /Users/landis/.ssh/known_hosts:1
RSA host key for server.dyndns.net has changed and you have requested strict checking.
Host key verification failed.

Items in italics have been changed to avoid posting anything I shouldn't.

Any ideas?

[ Reply to This | # ]

AFP over SSH Tunnel
Authored by: comboprime on Mar 02, '07 04:44:06PM
Hmmm . . . not sure exactly what's going on, but the culprit seems to be these lines:

Add correct host key in /Users/landis/.ssh/known_hosts to get rid of this message.
Offending key in /Users/landis/.ssh/known_hosts:1

See explanation here [link:]http://amath.colorado.edu/computing/unix/sshknownhosts.html

[ Reply to This | # ]
AFP over SSH Tunnel
Authored by: jms1 on Mar 02, '07 11:25:57PM

two things are going on.

first, the "host key" for your server (the machine you're trying to connect TO) has changed. this can happen if the machine's OS had been re-installed since the last time you ssh'd into it from this client machine, or if the host key was explicitly changed for some reason.

second, the IP address of your server has changed. if the server doesn't have a static IP (which i suspect is the case, because of the "dyndns" name) then this is to be expected.

if possible, watch the logs on the server while trying to ssh into it from this client. when you issue the ssh command on the client, the server's log file should show an incoming ssh connection from the client's IP address. if it doesn't show this but the client is still getting a response from "something", then either you're looking at the wrong log file, or sshd's logging on the server was disabled somehow, or you are indeed connecting to the wrong server (which is the danger it's trying to warn you about.)

as a testing option, you may want to issue the ssh command using the server's IP address instead of the name, after verifying the server's IP address through other means. this way you can be sure that there are no DNS issues which may be causing problems (like somebody hacking the dyndns servers to make your server's name point to the wrong IP address.)



[ Reply to This | # ]