1

I was pushing code to GitHub from a repo via a proxy (SOCKS5):

```
proxychains git push -uv origin master
```

```
Warning: the RSA host key for 'github.com' differs from the key for the IP address '224.0.0.1'
Offending key for IP in /home/name/.ssh/known_hosts:38
Matching host key in /home/name/.ssh/known_hosts:21
Are you sure you want to continue connecting (yes/no)?
```

For security reasons, I chose "no".

The actual real IP of "github.com" from https://www.iplocation.net/ is: 192.30.253.112

Does this mean that the proxy server did not get the correct IP of github.com? Instead, it got 224.0.0.1.

Was the server compromised, or is something wrong with my local settings?

techraf
dotslash
  • `224.0.0.1` is not a real IP of an individual host. Instead it is a reserved multicast group address. Namely: [*The All Hosts multicast group addresses all hosts on the same network segment.*](https://en.wikipedia.org/wiki/Multicast_address). – StackzOfZtuff Jan 13 '17 at 08:01

2 Answers

1

> Was the server compromised, or is something wrong with my local settings?

Most likely something is misconfigured, but given the information provided, it is impossible to tell whether it is on the connecting client or the ProxyChains machine. If you search for `proxychains 224.0.0.1` you can see quite a number of posts, like this one.

> Offending key for IP in /home/name/.ssh/known_hosts:38
> Matching host key in /home/name/.ssh/known_hosts:21

Looks like your /home/name/.ssh/known_hosts contains the github.com public key in line 38 and in line 21 there is a public key of an SSH server which you connected to in the past (most likely your localhost, but you should confirm it).

When you tried to reach github.com, the proxy returned 224.0.0.1, and git opened an SSH session to one of your own machines and rightfully reported that it was not github.com.


Side note:

> The actual real IP of "github.com" from https://www.iplocation.net/ is: 192.30.253.112

GitHub uses a whole range of IP addresses and the one you connect to can change. See "What IP addresses does GitHub use that I should whitelist?". See also: "Should I worry about GitHub using IP addresses that are described as having an unknown host".

techraf
0

You have proxychains configured to do proxied DNS lookups. So, proxychains provided a "fake" IP address for github.com, so that the proxy could look up the IP address.

Unfortunately, it reuses these fake IP addresses. You've used the proxy to SSH to other hosts, and it assigned the same fake IP address to github.com that it had previously used for a different host. SSH is not designed for this, and thinks that somebody is faking something on the network to pretend to be the wrong host.

This is a pretty common use of proxychains, so there's probably a common workaround to this issue, but I don't know what it is myself at this time. I wanted to answer since the other answer seemed unfamiliar with the issue.

fuzzyTew
  • A reasonable solution might be to configure ssh to use host keys only based on the host name and not the ip address `-o "CheckHostIP=no"` https://serverfault.com/questions/193631/ssh-into-a-box-with-a-frequently-changed-ip – fuzzyTew May 24 '21 at 18:49
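
The fake-address collision described in the answer above can be checked offline against a `known_hosts` file. The following is an added example, not code from the original posts: the sample file content, the key placeholders and the host name `internal.example` are constructed, and it assumes the proxy's placeholder addresses fall in the multicast range, as `224.0.0.1` does here.

```python
import ipaddress

# Constructed sample; key blobs are placeholders, not real host keys.
SAMPLE = """\
# constructed known_hosts sample
github.com ssh-rsa KEY_GITHUB_PLACEHOLDER
|1|c2FsdA==|aGFzaA== ssh-ed25519 KEY_HASHED_PLACEHOLDER
internal.example,224.0.0.1 ssh-rsa KEY_INTERNAL_PLACEHOLDER
[10.0.0.5]:2222 ssh-ed25519 KEY_PORT_PLACEHOLDER
"""

def parse_known_hosts(text):
    """Yield (line_no, names, key_type, key_blob) for each entry."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):   # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        # Hashed names (|1|salt|hash) cannot be read back, so they get no names.
        names = [] if fields[0].startswith("|1|") else fields[0].split(",")
        yield line_no, names, fields[1], fields[2]

def as_ip(name):
    """Return an ip_address for 'a.b.c.d' or '[a.b.c.d]:port', else None."""
    if name.startswith("["):
        name = name[1:].split("]")[0]
    try:
        return ipaddress.ip_address(name)
    except ValueError:
        return None

def multicast_entries(text):
    """Entries stored under a multicast address, which no single SSH server owns."""
    return [(n, name) for n, names, _, _ in parse_known_hosts(text)
            for name in names
            if (ip := as_ip(name)) is not None and ip.is_multicast]

def ip_key_conflict(text, host, ip):
    """Simplified CheckHostIP comparison: (host_line, ip_line) if keys differ."""
    host_hit = ip_hit = None
    for n, names, ktype, blob in parse_known_hosts(text):
        if host in names and host_hit is None:
            host_hit = (n, ktype, blob)
        if ip in names and ip_hit is None:
            ip_hit = (n, ktype, blob)
    if host_hit and ip_hit and host_hit[1] == ip_hit[1] and host_hit[2] != ip_hit[2]:
        return host_hit[0], ip_hit[0]
    return None
```

Hashed entries (`|1|...`) cannot be matched by name this way; `ssh-keygen -F 224.0.0.1` looks them up in the real file.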