How to verify whether a remote server's SSH key has changed?

3

1

I have connected to a Linux/Unix server via SSH clients such as WinSCP and OpenSSH for years. Recently, I got a warning about POTENTIAL SECURITY BREACH, which says that

The server's host key does not match the one WinSCP has on cache. This means that either the server administrator has changed the host key... or you have connected to another computer pretending to be the server.

Other than contacting the person administrating the server, can I verify what the true ssh-key is?

I have used a mobile phone to SSH to the same server using cellular data, and the host key reported is the same as the new key I see in WinSCP. I don't know enough about man-in-the-middle attacks, and whether MITMA could happen when my computer is compromised or something else went wrong. But I figured that since I used different routes (Ethernet vs. cellular) and OS to access the server and got the same key, it's likely that the server key has really changed.

Is this a reasonable assumption?

Thanks.

tinlyx

Posted 2015-09-16T00:32:58.417

Reputation: 1 126

Answers

2

Is this a reasonable assumption?

Using two different routes eliminates an attacker close to you on the route, which gives you some clue, but it doesn't assure you that there is no attacker somewhere close to the server.

Usually this warning appears because the keys really changed, but you can't be sure. The easiest way is to check with the server administrator. Preferably, he should publish the fingerprint of the key through some other trusted channel (HTTPS page, SSHFP DNS record).

Jakuje

Posted 2015-09-16T00:32:58.417

Reputation: 7 981
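
An added example (not part of the answer above, and not code from OpenSSH or WinSCP): comparing the host key a server presents with a SHA-256 fingerprint published over a trusted channel, and deriving the SSHFP record data an administrator would publish for that key. The key lines are constructed samples, and `PUBLISHED` stands in for a value read from the administrator's HTTPS page.

```python
import base64, hashlib, hmac

# SSHFP algorithm numbers (RFC 4255, 6594, 7479); fingerprint type 2 = SHA-256
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}

def key_blob(line):
    """Parse 'type base64 [comment]' (*.pub file) or 'host type base64' (ssh-keyscan)."""
    fields = line.split()
    if fields and fields[0] not in SSHFP_ALGO:
        fields = fields[1:]                      # drop the leading host name
    if len(fields) < 2 or fields[0] not in SSHFP_ALGO:
        raise ValueError("not an SSH public key line")
    ktype, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; they must agree.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type does not match key data")
    return ktype, blob

def sha256_fingerprint(line):
    """Fingerprint in the 'SHA256:...' form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(key_blob(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sshfp_rdata(line):
    """'<algorithm> <fp-type> <hex digest>' as it appears in an SSHFP DNS record."""
    ktype, blob = key_blob(line)
    return f"{SSHFP_ALGO[ktype]} 2 {hashlib.sha256(blob).hexdigest()}"

def matches_published(line, published):
    """True only if the presented key hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(line).encode(),
                               published.strip().encode())

def _constructed_key(seed):
    # Constructed sample: 32 hash bytes stand in for a real Ed25519 public key.
    t = b"ssh-ed25519"
    blob = len(t).to_bytes(4, "big") + t + (32).to_bytes(4, "big") + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

OLD_KEY = _constructed_key(b"key cached by the client")
NEW_KEY = _constructed_key(b"key presented today")
PUBLISHED = sha256_fingerprint(NEW_KEY)   # assumed to come from the trusted channel

if __name__ == "__main__":
    print("presented:", sha256_fingerprint(NEW_KEY))
    print("SSHFP    :", sshfp_rdata(NEW_KEY))
    print("new key matches published value:", matches_published(NEW_KEY, PUBLISHED))
    print("old key matches published value:", matches_published(OLD_KEY, PUBLISHED))
```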