WebFaction
Community site: login faq

Hi,

I know you recently changed the IP address for web180, and now I am having trouble logging into that machine to restart my apps. I get this error

$ ssh my_username@web180.webfaction.com

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The RSA host key for web180.webfaction.com has changed, and the key for the corresponding IP address 108.59.4.71 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 46:(removed):f5. Please contact your system administrator. Add correct host key in /Users/my_username/.ssh/known_hosts to get rid of this message. Offending key in /Users/my_username/.ssh/known_hosts:6 RSA host key for web180.webfaction.com has changed and you have requested strict checking. Host key verification failed. lost connection

Anything you can do to help would be great. Thanks!

asked 18 Jan '12, 22:19

Spike's gravatar image

Spike
3325
accept rate: 0%


You can just remove web180.webfaction.com's previous key using: ssh-keygen -R web180.webfaction.com

permanent link

answered 18 Jan '12, 22:25

neeravk's gravatar image

neeravk
1.5k3412
accept rate: 41%

Perfect. Thanks!

(18 Jan '12, 22:40) Spike Spike's gravatar image

Having the same problem, ssh-keygen claims to update the known-hosts file, but I get the same login on the next ssh attempt. Is there some further, really obvious step I'm overlooking?

(18 Mar '12, 16:53) barsoomcore barsoomcore's gravatar image

When you run ssh-keygen -R web180.webfaction.com it should remove the entry from your knownhosts file. Substitute web180 with the server you are trying to connect to. When you run your ssh command again, it should prompt you to accept the connection with the fingerprint mentioned.

Is this not what you get?

If you would like, you can open a support ticket for us to look into it closer for you. https://help.webfaction.com/

(18 Mar '12, 17:04) bmeyer71 ♦♦ bmeyer71's gravatar image

I've tried that in Mac OS X, (changing the address to my username.webfactional.com), and I get "operation not supported." Can somebody help me?

(23 Aug '12, 11:58) mattshepherd mattshepherd's gravatar image

@mattshepherd - we've received your support ticket and will answer it as soon as possible.

(23 Aug '12, 13:06) seanf ♦♦ seanf's gravatar image

Thanks, Sean. I decided to ticket as well because I wasn't sure how much attention a post from last March might get. It's heartening to know you guys stay on top of even the old ones.

(23 Aug '12, 14:59) mattshepherd mattshepherd's gravatar image
showing 5 of 6 show 1 more comments

Hi! I know this is an old post, but since my issue is identical I'll try to post here first, open a ticket later (if necessary).

I get the same message as the OP when I try to SSH to Web573. I use the more generic URL:

ssh username@username.webfactional.com

The fingerprint for the RSA key sent by the remote host is:

40:81:74:0a:46:a4:87:95:de:52:04:57:fe:18:69:e8

Since this is a security issue, can you please confirm:

  1. That the host has changed?
  2. That the fingerprint is correct?

I can see 2 IP addresses in my Dashboard, one of which is the one my SSH client tries to connect to. It seems therefore it's OK to accept the new host key, but I couldn't find any information about changes in the Web573 and/or its IP.

Maybe it would be beneficial to enhance the Web Server widget in the Dashboard, or provide a separate page with relevant security info and updates.

Thank you for reading!

permanent link

answered 26 Sep, 16:42

Asotos's gravatar image

Asotos
112
accept rate: 0%

That is the correct fingerprint for web573. The last time your host changed was from the migration on 2017-03-14. We have an internal ticket to look into providing the fingerprints for the servers on secure page, but have no ETA when that will be completed.

(26 Sep, 21:27) bmeyer71 ♦♦ bmeyer71's gravatar image

Thank you! We can always count on your excellent support in the meantime!

(26 Sep, 21:37) Asotos Asotos's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×101
×39
×1

question asked: 18 Jan '12, 22:19

question was seen: 6,235 times

last updated: 26 Sep, 21:37

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2017 PARAGON INTERNET GROUP LIMITED
WEBFACTION IS A SERVICE OF PARAGON INTERNET GROUP LIMITED
REGISTERED IN ENGLAND AND WALES 7573953 - VAT REGISTRATION NUMBER 182147021
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM