I am running FreeNAS-8.2.0-RELEASE-p1-x64 (r11950) from an 8 GB flash drive on an HP ProLiant Microserver N36L. I have ssh enabled on the box (sshd_config below). I am suddenly getting a "REMOTE HOST IDENTIFICATION HAS CHANGED!" warning when I try to ssh into the box from my MacBook Pro. I have certainly not done anything to change it, but it surely has changed. What I have in /etc/ssh_known_hosts doesn't match with what I get with ssh-keyscan. It's not an inadvertent client-side change, since the host is in /etc/ssh_known_hosts (not ~/.ssh/known_hosts) which I can only edit as root.
Also, I get the same warning when connecting via ssh from my phone (on Android, using an app called ConnectBot), where the ssh_known_hosts is not even accessible.
And I can understand accidentally removing the host key from my known_hosts if I'm mucking around. But changing it?
So, my question is, is there any way the ssh host keys in freenas can change or "refresh" as a matter of course? That is, can they change as part of some kind of automated security audit/scan/maintenance or something? Will it be logged anywhere? I don't see anything anywhere in /var/log/*.
If not, what do I do to verify the integrity of my system? That is, how do I go about checking if the machine is somehow compromised? I can't think of any reason why someone who gets in would change SSH host key, but that's the only possibility left.
Anything else I can add here to help folks comment on my situation?
Regards,
Saurav.
Code:
######## sshd_config #########
Protocol 2
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
ChallengeResponseAuthentication no
ClientAliveCountMax 3
ClientAliveInterval 15
Port 22
PermitRootLogin without-password
AllowTcpForwarding yes
Compression no
PubkeyAuthentication yes
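
Added example, not part of the original post: one way to make the known_hosts versus ssh-keyscan comparison described above precise, reporting per key type whether the pinned key matches the one the server now offers. The host name, address and key blobs are constructed sample data, and the parser assumes plain (unhashed) host names in both inputs.

```python
import base64
import hashlib

def parse_keys(text):
    """Map (host, keytype) -> raw key blob for known_hosts / ssh-keyscan lines."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                        # blank, comment or banner line
        try:
            blob = base64.b64decode(fields[2], validate=True)
        except ValueError:                  # third field is not a base64 key
            continue
        for host in fields[0].split(","):   # "name,ip" entries share one key
            keys[(host, fields[1])] = blob
    return keys

def fingerprints(blob):
    """Return the (MD5, SHA256) fingerprints in the formats OpenSSH prints."""
    hexd = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def compare(known_text, scanned_text, host):
    """Per key type: ('match' | 'CHANGED' | 'not-pinned', SHA256 of the offered key)."""
    known, report = parse_keys(known_text), {}
    for (h, keytype), blob in parse_keys(scanned_text).items():
        if h == host:
            old = known.get((h, keytype))
            status = "not-pinned" if old is None else "match" if old == blob else "CHANGED"
            report[keytype] = (status, fingerprints(blob)[1])
    return report

def _blob(keytype, body):  # constructed stand-in for a key blob, not a real key
    t = keytype.encode()
    return base64.b64encode(len(t).to_bytes(4, "big") + t + body).decode()

HOST = "freenas.example"  # constructed host name
KNOWN = (f"{HOST},192.0.2.10 ssh-rsa {_blob('ssh-rsa', b'old')}\n"
         f"{HOST} ssh-dss {_blob('ssh-dss', b'dsa')}\n")
SCANNED = (f"# {HOST} SSH-2.0-OpenSSH\n"
           f"{HOST} ssh-rsa {_blob('ssh-rsa', b'new')}\n"
           f"{HOST} ssh-dss {_blob('ssh-dss', b'dsa')}\n"
           f"{HOST} ecdsa-sha2-nistp256 {_blob('ecdsa-sha2-nistp256', b'ec')}\n")

if __name__ == "__main__":
    for keytype, (status, fp) in compare(KNOWN, SCANNED, HOST).items():
        print(f"{keytype:22} {status:11} {fp}")
```

ssh-keyscan output travels over the same network path as the login, so a CHANGED result only confirms the mismatch. The authoritative comparison is against the fingerprint that `ssh-keygen -l -f` prints for the server's host key .pub file when read at the server's own console.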