Le lundi 20 août 2012 à 17:29 -0300, Dr Beco a écrit : > What should I do, or where should I look, to understand this problem? > > Can I log in with my account remotely to see the problem, or should I > better log in locally?
Just do what it says. If you can log in locally, you can try ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub to get the fingerprint and compare it with the new one. You should NOT need root privilege for that. But as other said, an ssh public key can't change on its own: somebody needs to have done something (IT, attacker, intern ;) or else there is a hardware failure. In any case, the only "immediate action" is to investigate as you did by plugging off the server. In this case this was an involuntary and harmless, yet real, MITM attack. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1345541247.4513.72.ca...@p76-nom-gd.cnrs-imn.fr
