0

In the past I've been able to connect to my server via SFTP with no problems, but suddenly yesterday it warned me that the fingerprint for the RSA key sent by the remote host had changed.

I've encountered this issue plenty of times before but this time in particular, literally every time I attempt to reconnect to the server it tells me that the fingerprint has changed again.

I thought maybe it was MITM attack, but I continued to receive the same message even after trying to connect from a different computer on a different ISP altogether.

Any idea what the underlying cause might be? Has anyone else ever encountered this? If so, what did you do to remedy the situation?

jerdiggity
  • 101
  • 2
  • 1
    Has your server been compromised? – EEAA May 14 '15 at 18:12
  • @EEAA it was compromised at one point, yes. Do you think there's some type of malicious script running that would constantly cause the fingerprint to change? – jerdiggity May 14 '15 at 18:16
  • Possibly, yes. If it was compromised at one point and you did not do a complete rebuild from scratch, I'd consider it 100% compromised. – EEAA May 14 '15 at 18:17
  • 1
    See this QA: http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server – EEAA May 14 '15 at 18:17

0 Answers0