
You should note that the SSH key has been changed.

  $ dsocks.sh ssh level01@ctf.stri.pe
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  It is also possible that a host key has just been changed.
  The fingerprint for the RSA key sent by the remote host is
  74:67:32:4a:04:b8:9f:05:b6:e8:29:43:26:12:75:11.
  Please contact your system administrator.
  Add correct host key in /home/jcr/.ssh/known_hosts to get rid of this message.
  Offending RSA key in /home/jcr/.ssh/known_hosts:8
  RSA host key for ctf.stri.pe has changed and you have requested strict checking.
  Host key verification failed.
  
It may be something harmless/simple like round-robin DNS combined with a failure to replicate the key, or more likely, someone has rooted the box.

EDIT: As confirmed by gdb and ab below, there's a good reason for the key change.



Not to worry, we spun up a new machine and didn't copy the ssh key from the old one.

2048 74:67:32:4a:04:b8:9f:05:b6:e8:29:43:26:12:75:11 /etc/ssh/ssh_host_rsa_key.pub is correct.
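
An added example, not part of any comment in this thread: one way to check a host key against a fingerprint published out of band, as above, before replacing the stale `known_hosts` entry. The sample key is constructed and the function names are illustrative; only the fingerprint value comes from the thread.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def ssh_string(data):
    """Length-prefixed string in SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line):
    """Return (key_type, blob) from a .pub line or a plain known_hosts line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with its own key-type string; it must agree.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def md5_fingerprint(blob):
    """Legacy colon-separated MD5 form, the format quoted in the thread."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob):
    """Form printed by current OpenSSH: SHA256:<unpadded base64>."""
    b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + b64.rstrip("=")

def matches_published(line, published):
    """True only if the key on `line` hashes to the published fingerprint."""
    _, blob = parse_pubkey_line(line)
    if published.startswith("SHA256:"):
        return hmac.compare_digest(sha256_fingerprint(blob), published)
    return hmac.compare_digest(md5_fingerprint(blob), published.lower())

# Constructed sample key (tiny fake modulus), NOT the CTF host's real key.
_blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
         + ssh_string(b"\x00" + b"\xc3" * 32))
SAMPLE_LINE = "ctf.example ssh-rsa " + base64.b64encode(_blob).decode()
PAGE_FINGERPRINT = "74:67:32:4a:04:b8:9f:05:b6:e8:29:43:26:12:75:11"  # from the thread

if __name__ == "__main__":
    print(md5_fingerprint(_blob), matches_published(SAMPLE_LINE, PAGE_FINGERPRINT))
```

Only a key whose fingerprint matches the one published through a separate channel should replace the old entry; the constructed sample key deliberately does not match.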


Can anyone from Stripe confirm that this box is not rooted?


Confirmed.


I'm estimating they booted a few new EC2 systems up. Right before the system got a new key it was unavailable.


Rooting the box would not change the key.


Got that also, then keep getting: ssh_exchange_identification: Connection closed by remote host

Looks fun too!


That's what happens when hundreds of people try to SSH into a machine at once :). (That error is due to SSH's maxstartups being exceeded.)



