[Info-vax] SSH mysteriously stops working

Phillip Helbig---undress to reply helbig at astro.multiCLOTHESvax.de
Thu May 19 11:55:15 EDT 2011 

In article <d949a$4dd4b9cb$82a13c9d$20341 at news1.tudelft.nl>, JOUKJ
<joukj at hrem.nano.tudelft.nl> writes: 

> Did you also try with a "just-created" account which was not used for 
> ssh at all before the test?

Not yet.  Maybe I'll have to.  Here is the message I get when trying to 
get in from outside.  (Contrary to what I mentioned before, OUTGOING 
access seems OK.)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The DSA host key for multivax.de has changed,
and the key for the corresponding IP address 217.226.76.212
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/foobar/.ssh/known_hosts:5
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle 
attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
f1:f2:2f:53:d5:cd:ae:3f:97:90:e5:01:21:33:d4:aa.
Please contact your system administrator.
Add correct host key in /home/foobar/.ssh/known_hosts to get rid of this 
message.
Offending key in /home/foobar/.ssh/known_hosts:1
DSA host key for multivax.de has changed and you have requested strict 
checking.
Host key verification failed.

Note that a) I have an IP address which changes usually once a day and
b) whatever node has the cluster IP address will respond to the incoming 
request.  Both the IP address and also the node with the cluster alias 
have changed in the past.  SSH probably wasn't meant for this sort of 
setup.  Could the problem be that the IP address and the cluster-alias 
node changed at the same time?

More information about the Info-vax mailing list