- 02-05-2012 #1
Warning: Possible DNS Spoofing Detected! during sftp
I have encountered a problem during an sftp connection:
WARNING: POSSIBLE DNS SPOOFING DETECTED!
The RSA host key for XXXXX has changed,
and the key for the according IP address XXXXXXXXXX
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/XXXX/.ssh/known_hosts:
My situation is:
Someone is connecting to my boxes using sftp,
e.g. "sftp host0.mydomain"
host0.mydomain is resolved in round robin for hosts host1.mydomain,
What should be done in order to avoid Spoofing Warnings?
Do you think the only solution is to put the same key on each of the hosts: host1.mydomain,
Is there a chance to somehow generate a key but without a hostname?
I will appreciate your suggestions.
- 02-06-2012 #2
Maybe copy&paste the ssh key of the main server to all mirrors? I can't make up another solution right now, sorry. But basically host1, host2 and host3 should be transparent mirrors (i.e. a client doesn't need to know he's on the mirror) and therefore (by definition) all those hosts share the same key since they should be virtually the same host. The other option is to publish the three hosts as mirrors and then it's up to the clients to decide which one they want to pick. Or as an idea: maybe some users should only be able to access one specific mirror?
PS: Mirroring only makes sense when your bottleneck is the computing power and not the network throughput (which typically is the case). Maybe mirroring doesn't make sense in your case and is just a lot of work for being nothing more than just awesome?
Last edited by Kloschüssel; 02-06-2012 at 06:28 AM.
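A way to check the shared-key suggestion from post #2 before clients hit the warning, as an added example that is not part of the thread: it reads `ssh-keyscan`-style lines (`host keytype base64key`), fingerprints each key the way OpenSSH displays it, and reports which mirrors present a different key. The host names follow the thread's placeholders (host2 and host3 are assumed to share the `.mydomain` suffix), and the key blobs are constructed, not real keys.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def group_by_key(scan_text, key_type="ssh-rsa"):
    """Map fingerprint -> sorted host list from 'host keytype base64' lines."""
    groups = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan emits '#' banner/comment lines
        parts = line.split()
        if len(parts) < 3 or parts[1] != key_type:
            continue
        for host in parts[0].split(","):  # 'name,ip' entries list both
            groups[fingerprint(parts[2])].add(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items()}

def odd_hosts(groups):
    """Hosts whose key differs from the most common one; [] if all match."""
    if len(groups) <= 1:
        return []
    majority = max(groups, key=lambda fp: len(groups[fp]))
    return sorted(h for fp, hosts in groups.items()
                  if fp != majority for h in hosts)

def _blob(tag):
    # Constructed stand-in for a public key blob (not a usable key).
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()

KEY_A, KEY_B = _blob(b"constructed-key-A"), _blob(b"constructed-key-B")

# Constructed sample: two mirrors share a key, the third has its own.
SAMPLE_SCAN = f"""# constructed sample, not real scan output
host1.mydomain ssh-rsa {KEY_A}
host2.mydomain ssh-rsa {KEY_A}
host3.mydomain ssh-rsa {KEY_B}
"""

if __name__ == "__main__":
    groups = group_by_key(SAMPLE_SCAN)
    for fp, hosts in groups.items():
        print(fp, ", ".join(hosts))
    print("mirrors with a different key:", odd_hosts(groups) or "none")
```

Any host it reports will trigger the changed-key warning for clients that stored the round-robin name's key from another mirror.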