Package: openssh-client
Version: 1:5.8p1-4
Severity: normal

In the transcript below I think that I should not have seen a "something nasty" warning; a message that the authenticity can't be established would be more appropriate. If the server had refused ECDSA then it would be a different situation (could be a MITM attack), but when I specifically request a different algorithm it shouldn't give me a warning about that.

root@unstable:~/.ssh# rm known_hosts
root@unstable:~/.ssh# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is ca:8d:82:e1:b8:37:f1:48:f6:70:6b:0f:0f:32:59:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
root@unstable:~/.ssh# ssh -o HostKeyAlgorithms=ssh-rsa localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
38:4e:96:90:9b:fe:1a:b2:b2:11:c3:a4:50:cf:f9:6d.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser               3.112+nmu2           add and remove users and groups
ii  debconf [debconf-2.0  1.5.39               Debian configuration management sy
ii  dpkg                  1.16.0.3             Debian package management system
ii  libc6                 2.13-4               Embedded GNU C Library: Shared lib
ii  libedit2              2.11-20080614-2      BSD editline and history libraries
ii  libgssapi-krb5-2      1.9+dfsg-1+b1        MIT Kerberos runtime libraries - k
ii  libselinux1           2.0.98-1+b1          SELinux runtime shared libraries
ii  libssl1.0.0           1.0.0d-2             SSL shared libraries
ii  passwd                1:4.1.4.2+svn3283-3  change and administer password and
ii  zlib1g                1:1.2.3.4.dfsg-3     compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1   list of default blacklisted OpenSS
pn  openssh-blacklist-extra  <none>  (no description available)
pn  xauth                    <none>  (no description available)

Versions of packages openssh-client suggests:
pn  keychain     <none>  (no description available)
pn  libpam-ssh   <none>  (no description available)
pn  ssh-askpass  <none>  (no description available)

-- Configuration Files:
/etc/ssh/ssh_config changed [not included]

-- no debconf information
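
The distinction the report draws, as an added example (not OpenSSH code and not part of the original report): a simplified known_hosts lookup that separates "the stored key of the offered type differs" from "only a key of another type is stored for this host". The function names, result labels and key blobs are constructed for illustration; hashed host names, @ markers, wildcards and negated patterns are not handled.

```python
import base64
import hashlib

def parse_known_hosts(text):
    """Return {host: {keytype: key_blob}} for plain (unhashed) entries."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @cert-authority/@revoked markers, hashed names.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        names, keytype, b64 = fields[:3]
        for name in names.split(","):
            hosts.setdefault(name, {})[keytype] = base64.b64decode(b64)
    return hosts

def md5_fingerprint(blob):
    """Colon-separated MD5 of the key blob, the format shown in the transcript."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def classify(hosts, host, offered_type, offered_blob):
    """Compare the key a server offers with what is recorded for the host."""
    known = hosts.get(host, {})
    if not known:
        return "unknown-host"      # nothing recorded: first-contact prompt
    if offered_type in known:
        # Same algorithm on record: a different blob is a genuine change.
        return "match" if known[offered_type] == offered_blob else "changed"
    return "new-key-type"          # only keys of other algorithms are recorded

# Constructed stand-ins for key blobs; these are not real host keys.
ECDSA_BLOB = b"constructed-ecdsa-blob"
RSA_BLOB = b"constructed-rsa-blob"
SAMPLE = ("# constructed known_hosts content\n"
          "localhost ecdsa-sha2-nistp256 "
          + base64.b64encode(ECDSA_BLOB).decode() + "\n")

if __name__ == "__main__":
    hosts = parse_known_hosts(SAMPLE)
    for ktype, blob in (("ecdsa-sha2-nistp256", ECDSA_BLOB), ("ssh-rsa", RSA_BLOB)):
        print(ktype, md5_fingerprint(blob), classify(hosts, "localhost", ktype, blob))
```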