2

For the history, I have a local VM (Virtualbox) with OS debian and in this VM I have been developed a Web application. I log in with ssh protocol.

Today, I'm facing a strange troubleshooting. I tried to connect with ssh to my local VM and got the following message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:_______________________________________.
Please contact your system administrator.
Add correct host key in /Users/_____/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/______/.ssh/known_hosts:5
RSA host key for 192.168.1.6 has changed and you have requested strict checking.
Host key verification failed.

I understand that the fingerprint of my local VM has been changed, and i wonder, if it is possible to change the public fingerprint by itself. I'm trying to understand if there is man in the middle.

Thank you for your time :)

nbompetsis
  • 61
  • 1
  • 7
  • I'm not sure who how the finger print is calculated, but it could be if your VM has been assigned a new IP or MAC address. as you can be fairly confident that the VM has not been tampered with, you can remove the offending fingerprint from your .ssh/known_hosts file – maniacalrobot Jan 05 '16 at 12:13
  • I think that you have right. My VM gets ip from the DHCP consequently it has no fixed ip or the current ip has caught from another device on the past. I have no other reason to give. – nbompetsis Jan 05 '16 at 12:30
  • not sure what is the question. – Jakuje Jan 05 '16 at 16:18
  • I understand that the fingerprint of my local VM has been changed, and i wonder, if it is possible to change the public fingerprint by itself. I'm trying to understand if there is man in the middle. – nbompetsis Jan 06 '16 at 01:21

1 Answers1

0

Maybe this can help you https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated

check if exist other machine with the same IP (maybe static IP), you can use "arping" for that

(I post as answer because I can't comment)

Community
  • 1
  • 1
Carlos Albornoz
  • 106
  • 4