Warning Messages When I SSH


When you are using remote login or SSh, you will occassionally see warning messages, do not panic.  Carefully read the warning message, often times instructions on how to resove the issue are listed in the warning message.

 

WARNING: POSSIBLE DNS SPOOFING DETECTED! WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!      @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

This message is generated when you try to ssh to a remote host and the remote host settings, identification and/or operating system does not match what is in your computer's records. While this is a good security warning to pay attention to in most circumstances, it can also generate unneeded warnings.

We routinely at the end of each quarter upgrade operating systems and occassionaly replace old machines. When people try to ssh to the newly updated/replaced machine, the first time they do so they will likely see this message since we did make changes. If you know these changes are legitimate, then this warning is nothing to be afraid of.

This message usually has a set of instructions for resolving this issue depending on your settings, ssh client and/or operating system. Please read and follow the instructions. Some clients will simply ask you to resolve this by clicking/typing "yes" to connect to the host that generated this warning.   Other systems/programs like the linux systems in CSIL require you to purge the old information to stop seeing the warning message.

On our systems the instructions follwong this warning will take the form of "Remove old host key and add correct host key in ~/.ssh/known_hosts to get rid of this message." To resolve, simply open a terminal, using your favorite editor, open the know_hosts file, remove the line that starts with the offending host name/IP address, save your changes. The next time you connect, you will have the option of typing "yes" to "add new host key to ~/.ssh/known_hosts"

 

Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

This is related to flags you can declare when you try to ssh. Two common flags are -X and -Y

Both options have to do with X11 forwarding which can be enabled on the CSIL computers. This means if you enable X11 on the non-CSIL computer, you can use a graphical client through your SSH session (i.e. use the matlab GUI instead of only the command line).

If you use ssh -X remotemachine the remote machine is treated as an untrusted client. So your local client sends a command to the remote machine and receives the graphical output. If your command violates some security settings you'll receive an error instead. This is the preferred/default setting for most programs due to security concerns.

But if you use ssh -Y remotemachine the remote machine is treated as trusted client. This last option can open security problems. ONLY DO THIS IF YOU TRUST THE REMOTE MACHINE Because the other graphical (X11) client can sniff data, take screenshots, do keylogging and other nasty stuff, this setting is not enabled by default on most machines.

If you ssh into CSIL and do not use one of the above flags, you might get the above warning message. It is simply the computers way of saying that it failed to set up untrusted X11 forwarding because the settings on both ends do not match.

 

Tags: dns, forward, host, key, name, remote, spoof, SSH, warning
Last update:
2017-07-12 22:33
Author:
Marc J Miller
Revision:
1.5
Average rating:0 (0 Votes)

You cannot comment on this entry

Chuck Norris has counted to infinity. Twice.

Records in this category

Tags