[Symptom]

The following error occurs when attempting to connect to a server using a public/private key pair.

ubuntu@ip-192-168-52-177:~$ ssh ubuntu@db
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for db has changed,
and the key for the corresponding IP address 192.168.52.148
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:e0+0wN11IMq46zRTMCLGotYpg3hm/oPWUAbPF1K72Zk.
Please contact your system administrator.
Add correct host key in /home/ubuntu/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ubuntu/.ssh/known_hosts:4
  remove with:
  ssh-keygen -f "/home/ubuntu/.ssh/known_hosts" -R "db"
ECDSA host key for db has changed and you have requested strict checking.
Host key verification failed.

 

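[Cause]

This occurs when the server changes after the client has already connected to it and exchanged RSA shared keys. The client looked up the server information it had stored, but was connected to a different server, so the situation is detected as a man-in-the-middle attack.

(ex: this happens when the IP of an IP alias in /etc/hosts has changed. The local hosts file had an entry such as 192.168.52.148 db, and the IP in the local hosts configuration was changed after a connection had already been made.)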

 

[Solution]

Remove the stored key for the alias or IP, as shown below.

> ssh-keygen -R ip
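
Before removing the entry, the fingerprint printed in the warning can be compared with one read from the server itself over a trusted channel. The following is an added example, not part of the original post: it replaces the stale known_hosts entry only when the offered key matches that trusted fingerprint, and it also recognises the hashed host entries (|1|salt|hash) written when HashKnownHosts is enabled. The function names and the sample key blobs are constructed for illustration.

```python
# Added example: names are illustrative, not part of ssh or the original post.
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(hosts_field, host):
    """True if a known_hosts host field refers to `host` (plain or hashed form)."""
    if hosts_field.startswith("|1|"):  # hashed: |1|salt|HMAC-SHA1(key=salt, msg=host)
        _, _, salt, mac = hosts_field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in hosts_field.split(",")

def replace_host_key(known_hosts, host, offered_line, trusted_fp):
    """Return new known_hosts text with `host` pinned to the offered key.

    offered_line: "<host> <keytype> <base64 key>", the format ssh-keyscan prints.
    trusted_fp:   fingerprint obtained out of band (e.g. from the server console).
    Raises ValueError, leaving the input untouched, if the offered key differs.
    """
    _, keytype, key_b64 = offered_line.split()[:3]
    if not hmac.compare_digest(fingerprint(key_b64), trusted_fp):
        raise ValueError(f"offered key for {host} is {fingerprint(key_b64)}, "
                         f"expected {trusted_fp}: keeping the old entry")
    # Keep blank lines, comments and every entry that does not name this host.
    kept = [ln for ln in known_hosts.splitlines()
            if not ln.strip() or ln.startswith("#") or not names_host(ln.split()[0], host)]
    return "\n".join(kept + [f"{host} {keytype} {key_b64}"]) + "\n"

# Constructed sample data: the blobs are placeholders, not real ECDSA keys.
OLD_KEY = base64.b64encode(b"constructed old host key blob").decode()
NEW_KEY = base64.b64encode(b"constructed new host key blob").decode()
SAMPLE_KNOWN_HOSTS = (
    f"web ecdsa-sha2-nistp256 {OLD_KEY}\n"
    f"db ecdsa-sha2-nistp256 {OLD_KEY}\n"
)

if __name__ == "__main__":
    offered = f"db ecdsa-sha2-nistp256 {NEW_KEY}"
    print(replace_host_key(SAMPLE_KNOWN_HOSTS, "db", offered, fingerprint(NEW_KEY)))
```

If the fingerprints do not match, the old entry stays in place and the connection should not be trusted until the difference is explained.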

 

 

https://cpuu.postype.com/post/30065

 
