Newb: What would cause SSL warning "Possible man-in-the-middle attack!"

Discussion in 'Server Operation' started by Slowhand, Jun 11, 2009.

  1. Slowhand

    Slowhand New Member

    Hi,

    I normally work on my Ubuntu server from my OSX desktop computer.

    Sometimes I use my Macbook. I had logged in to the server over SSL previously and all had been well using the Macbook. Yesterday I suddenly got a warning saying words to the effect that "The server has changed! Possible man-in-the-middle attack! Login fail."

    What would trigger this? Me installing something on the server whilst logged in from my desktop computer?

    It's highly unlikely the server is compromised as it's not even facing the internet and my other server, which *is* facing the internet shouldn't have SSH running and my router isn't forwarding port 25 in any case.

    What's the deal?

    Slowhand
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Maybe OpenSSH got updated on the server.
    You will also get a warning like this if you log in to another server with the same IP (e.g. if you have a server in your office with the IP 192.168.0.100 and a server at home which has the same IP - the SSH client thinks it's the same server and therefore issues a warning because the key has changed).
     
  3. Slowhand

    Slowhand New Member

    Falko,

    Must be the first option as I don't work on another server...

    Quite scary when the message appears...

    Is there a way to tell the update history on a server (Ubuntu 8.04 LTS)?

    Thanks :)

    Slowhand
     

Share This Page