Chapter 4 Connecting to Remote Computers 31
Be sure this is the correct key before accepting it. If possible, provide users with the
encryption key through FTP, mail, or a download from the web, so they can be sure of
the identity of the server.
If you later see a warning message about a man-in-the-middle attack (see below) when
you try to connect, it might be because the key on the remote computer no longer
matches the key stored on the local computer. This can happen if you:
Change your SSH conguration on the local or remote computer Â
Perform a clean installation of the server software on the computer youre Â
attempting to log in to using SSH
Start up from a Mac OS X Server disc on the computer you’re attempting to log in to Â
using SSH
Attempt to use SSH to access a computer that has the same IP address as a computer Â
that you used SSH with on another network
To connect again, delete the entries corresponding to the remote computer (which are
stored by name and IP address) in the le ~/.ssh/known_hosts.
An SSH Man-in-the-Middle Attack
Sometimes an attacker can access your network and compromise routing information,
so that packets intended for a remote computer are routed to the attacker, who then
impersonates the remote computer to the local computer and the local computer to
the remote computer.
Here’s a typical scenario: A user connects to the remote computer using SSH. By
using spoofing techniques, the attacker poses as the remote computer and receives
information from the local computer. The attacker then relays the information to
the remote computer, receives a response, and then relays the remote computer’s
response to the local computer.
Throughout the process, the attacker is privy to all information that goes back and
forth, and can modify it.
If you see the following message when connecting to the remote computer using SSH,
it may indicate a man-in-the-middle attack.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Protect against this type of attack by verifying that the host key sent back is the
correct host key for the computer you’re trying to reach. Be watchful for the warning
message, and alert your users to its meaning.
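
The check described above, as an added example that is not part of the original manual: before deleting a known_hosts entry after the warning, compare the key the server now offers with a fingerprint obtained out of band. The host names, IP address, key blobs and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the form OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names `host` (exact names or hashed form)."""
    if field.startswith("|1|"):  # hashed entry: |1|base64(salt)|base64(HMAC-SHA1)
        _, _, salt, want = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(want))
    return host in field.split(",")  # wildcard patterns are not handled here

def entries_for(text, names):
    """Return (line_no, key_type, key_b64) for each line naming any of `names`."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if len(f) >= 3 and f[0][0] not in "#@" and any(host_matches(f[0], h) for h in names):
            found.append((n, f[1], f[2]))
    return found

def check_host(text, names, key_type, offered_b64, trusted_fp=None):
    """Classify an offered host key against stored entries and an out-of-band fingerprint."""
    stored = [e for e in entries_for(text, names) if e[1] == key_type]
    if any(e[2] == offered_b64 for e in stored):
        return "match"
    ok = trusted_fp is not None and fingerprint(offered_b64) == trusted_fp
    state = "changed" if stored else "new"
    return state + ("-verified" if ok else "-unverified")

def drop_entries(text, names):
    """Delete the host's lines (by name and IP address), keeping all others."""
    stale = {n for n, _, _ in entries_for(text, names)}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in stale]
    return "".join(l + "\n" for l in kept)

# Constructed sample data: placeholder blobs, not real host keys.
OLD_KEY = base64.b64encode(b"constructed-old-host-key").decode()
NEW_KEY = base64.b64encode(b"constructed-new-host-key").decode()
SALT = b"constructed-salt"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"10.0.0.5", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = ("server.example.com ssh-ed25519 %s\n%s ssh-ed25519 %s\n"
               "other.example.com ssh-ed25519 %s\n" % (OLD_KEY, HASHED, OLD_KEY, NEW_KEY))
NAMES = ["server.example.com", "10.0.0.5"]
```

Only a "changed-verified" result justifies calling drop_entries and reconnecting. On a live system, `ssh-keygen -R <host>` performs the removal and `ssh-keygen -lf <file>` prints a key's fingerprint for comparison.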