Error: "WARNING: POSSIBLE DNS SPOOFING DETECTED" when connecting to ssh.ttu.edu


Symptoms

You receive the following message when connecting to TTU's SSH Gateway:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@      WARNING: POSSIBLE DNS SPOOFING DETECTED!         @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

The RSA host key for some_server.ttu.edu has changed, and the key for the corresponding IP address 129.118.x.y is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is ab:cd:ef:12:34:56:78:90:ab:cd:ef:12:34:56:78:90.

Please contact your system administrator.

Add correct host key in /home/TTU/some_user/.ssh/known_hosts to get rid of this message.

Offending RSA key in /home/TTU/some_user/.ssh/known_hosts:1

RSA host key for some_server.ttu.edu has changed and you have requested strict checking.

Host key verification failed.

Connection to ssh.ttu.edu closed.

NOTE: The IP address, server name, and username may vary based on the user receiving the message.

Cause

This may occur if the server to which you are connecting has been changed in some way, such as receiving a new IP address or new network adapter.

Resolution

Contact IT Help Central with a copy of the error message and a list of eRaider usernames for the affected users. IT Help Central will assign a request or incident in your name to administrators of the SSH Gateway who will add the correct SSH key for the affected server for the affected users.

TIP: You may also need to edit your .ssh/known_hosts file to remove the lines for the old server, if the server to which you are connecting has changed in some way (i.e., new hardware, new IP address).

OUTCOME

You will be able to connect successfully.