Package: openssh-server
Version: 1:6.0p1-4
Severity: wishlist

I recently re-added the 127.0.1.1 hostname.domain hostname line to my /etc/hosts on my ssh server (I was previously leaving the hostname resolution up to dns) and discovered that this caused an alarming and confusing message from ssh on clients. The message was that something nasty might be happening, could MITM, or host key had just changed.
I didn't change the host key, and I tracked the problem down to the change in IP and dns (from the server) resolving the server hostname as a loopback address, but it had me worried for a while. A better message would indicate that the IP had changed (and what IP was current/old).

In my case the IP was being resolved as 127.0.1.1 which meant I was being pointed at the client instead of the host, so the name (hostname.domain) didn't match the key returned by 127.0.1.1 (the client instead of the host).

I've since changed /etc/hosts again since obviously the 127.0.1.1 address causes issues in my scenario.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.10
ii  libc6                  2.13-38
ii  libcomerr2             1.42.5-1
ii  libgssapi-krb5-2       1.10.1+dfsg-4+nmu1
ii  libkrb5-3              1.10.1+dfsg-4+nmu1
ii  libpam-modules         1.1.3-7.1
ii  libpam-runtime         1.1.3-7.1
ii  libpam0g               1.1.3-7.1
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1e-2
ii  libwrap0               7.6.q-24
ii  lsb-base               4.1+Debian8
ii  openssh-client         1:6.0p1-4
ii  procps                 1:3.3.3-2
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages openssh-server recommends:
ii  ncurses-term             5.9-10
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
ii  xauth                    1:1.0.7-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
ii  ssh-askpass   1:1.2.4.1-9
pn  ufw           <none>

-- debconf information:
  ssh/vulnerable_host_keys:
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false
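An added example, not part of the original report and not OpenSSH code: a Python triage helper that separates the cases the report describes by comparing the offered key against what known_hosts records for the name and for the resolved address, and by flagging loopback resolution. The function names, the 192.0.2.10 address and the key blobs are constructed for illustration; only plain and `|1|` hashed known_hosts entries are handled.

```python
import base64, hashlib, hmac, ipaddress

def entry_matches(pattern, name):
    """True if one known_hosts host pattern (plain or '|1|' hashed) names `name`."""
    if pattern.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern == name  # wildcards and [host]:port forms are not handled here

def recorded_keys(known_hosts, name):
    """Set of (keytype, key) pairs that the known_hosts text records for `name`."""
    keys = set()
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if any(entry_matches(p, name) for p in fields[0].split(",")):
            keys.add((fields[1], fields[2]))
    return keys

EXPLAIN = {
    "loopback": "name resolves to a loopback address: ssh reaches the local machine",
    "name-key-mismatch": "offered key differs from the key recorded for the name",
    "ip-not-recorded": "no key recorded for this address: the address is new",
    "ip-key-mismatch": "offered key differs from the key recorded for the address",
}

def diagnose(hostname, resolved_ip, offered, known_hosts):
    """Return finding codes explaining a host key warning for this connection."""
    findings = []
    if ipaddress.ip_address(resolved_ip).is_loopback:
        findings.append("loopback")
    by_name = recorded_keys(known_hosts, hostname)
    by_ip = recorded_keys(known_hosts, resolved_ip)
    if by_name and offered not in by_name:
        findings.append("name-key-mismatch")
    if not by_ip:
        findings.append("ip-not-recorded")
    elif offered not in by_ip:
        findings.append("ip-key-mismatch")
    return findings

# Constructed sample data: the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = "hostname.domain,192.0.2.10 ssh-rsa AAAAserverkey\n"
LOCAL_SSHD_KEY = ("ssh-rsa", "AAAAclientkey")

if __name__ == "__main__":
    for code in diagnose("hostname.domain", "127.0.1.1", LOCAL_SSHD_KEY, SAMPLE_KNOWN_HOSTS):
        print(code + ": " + EXPLAIN[code])
```

A "loopback" finding together with "name-key-mismatch" points at name resolution on the connecting machine rather than a changed server key.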

