I just got a very weird message when trying to log in using SSH

Hi everyone. I got a message that said something like: "Possible security breach, the sha2 key has changed, if you didn't expect this log out, if you expected this update the keys stored". I didn't take a screenshot but that's basically what it said.
Last thing I did before getting that message was changing my MAC address to log in. I think, before that, I used another computer to log in (and changed the MAC address as well). Maybe this confused the security system?
Should I be worried?

You gave a somewhat vague explanation of the error, but it sounds just like the normal warning that gets issued if the server has updated its host key ID (e.g. after a flash where you did not save settings). Possibly, when you last used this computer to log in, the router had a slightly different SSH key ID.

Some ssh clients are very picky in allowing connections to previously known hosts only if the host key ID is still the same.

Examples of these warnings:
https://blog.tinned-software.net/ssh-remote-host-identification-has-changed/
https://www.raspberrypi.org/forums/viewtopic.php?f=91&t=104253

1 Like

a) your ssh client remembers the ssh server keys for systems you have been connected to in the past, this is one countermeasure against a potential man in the middle attack.

b) whenever you replace your router (but keep the same IP address) or if you reset your router (firstboot or upgrading without keeping settings), a new ssh server key is generated.

Due to the combination of a) and b), you might see your warning - or you're actually seeing a mitm attack.

1 Like
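
The check both replies describe, as an added example that is not part of the thread or of any SSH client's code: it looks up the stored key for a host in `known_hosts` text, compares it with the key the server now offers, and returns both SHA256 fingerprints so the new one can be compared against the fingerprint read from the router itself. The host names and both keys are constructed sample data, and hashed `known_hosts` entries are skipped for brevity.

```python
import base64
import hashlib
import struct

def make_ed25519_blob(raw32):
    """Build an SSH wire-format ed25519 public key blob (constructed sample data)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32

def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the decoded key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Map (host, keytype) -> base64 key for plain entries; hashed and @marker lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "|1|", "@")):
            continue
        for host in fields[0].split(","):
            entries[(host, fields[1])] = fields[2]
    return entries

def check_host_key(known_hosts_text, host, keytype, offered_b64):
    """Return (status, stored_fp, offered_fp); status is 'unknown', 'match' or 'changed'."""
    stored = parse_known_hosts(known_hosts_text).get((host, keytype))
    offered_fp = fingerprint(offered_b64)
    if stored is None:
        return "unknown", None, offered_fp
    if base64.b64decode(stored) == base64.b64decode(offered_b64):
        return "match", offered_fp, offered_fp
    # Same host, different key: the case that triggers the warning in the question.
    return "changed", fingerprint(stored), offered_fp

# Constructed sample: the key the client saved, and the key offered after a router reset.
OLD_KEY = base64.b64encode(make_ed25519_blob(bytes(range(32)))).decode()
NEW_KEY = base64.b64encode(make_ed25519_blob(bytes(range(32, 64)))).decode()
KNOWN_HOSTS = "# constructed known_hosts\n192.168.1.1,router.lan ssh-ed25519 " + OLD_KEY + "\n"

if __name__ == "__main__":
    status, old_fp, new_fp = check_host_key(KNOWN_HOSTS, "192.168.1.1", "ssh-ed25519", NEW_KEY)
    print(status, old_fp, new_fp)
```

A "changed" result is only safe to accept once the offered fingerprint matches the one shown on the device over a trusted path; after that, `ssh-keygen -R <host>` removes the stale entry.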