Man-In-the-Middle attack

Man-In-the-Middle attack

Roshan
Oracle linux 6.5
Oracle Database 11gR2
EBSR12.2.4

Hello Erman,

When I do scp <foldername> username@<IP>:<path> I get the error below:
[root@erppreprod db]# scp 11.2.0BK root@172.**.**.***:/u0*/oracle/****/db
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
83:54:3a:46:e6:fb:4b:cc:48:44:de:61:b4:79:4e:b0.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for 172.25.43.147 has changed and you have requested strict checking.
Host key verification failed.
lost connection

Then I ran the command below as root and the issue was solved:
sed -i '2d' /home/oracle/.ssh/known_hosts

But as appltest user and oratest user I am getting the error below:

[appltest@erppreprod01 ~]$ sed -i '2d' /home/oracle/.ssh/known_hosts
sed: can't read /home/oracle/.ssh/known_hosts: No such file or directory

Thanks,
Roshan

Re: Man-In-the-Middle attack

ErmanArslansOracleBlog
Administrator
Why do you try to reach the oracle OS user's directory?
Also, you don't have a user called oracle, it seems, because you would have gotten a permission error rather than a "No such file or directory" error.

You are doing this operation with root. Attention please.
Do you have an OS admin to guide you? These are very basic things.
Anyway, delete the second key in /root/.ssh/known_hosts with user "root".
Then retry; it will automatically add the key to known_hosts.

Answer yes when scp asks:
[root@demoorcl ~]# scp -r root@10.123.35.62:/tmp/erm .
The authenticity of host '10.123.35.62 (10.123.35.62)' can't be established.
RSA key fingerprint is af:f4:67:71:a0:c7:46:5c:53:3b:e2:59:93:52:36:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.123.35.62' (RSA) to the list of known hosts.

After a while, if you start getting the same error again, check this out:
http://stackoverflow.com/questions/20840012/ssh-remote-host-identification-has-changed
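
Added example, not part of the thread: before the offending known_hosts line is deleted, the fingerprint printed in the warning can be compared with the host key read on the server's own console (assumed here to be an OpenSSH .pub file such as /etc/ssh/ssh_host_rsa_key.pub). The function names are hypothetical, SAMPLE_PUB is a constructed placeholder rather than a real key, and the SHA256 branch goes beyond the MD5 format shown in the thread to cover current OpenSSH output.

```python
import base64
import hashlib
import re

# Fingerprint and offending-entry lines as shown in the first post above.
PAGE_WARNING = """\
The fingerprint for the RSA key sent by the remote host is
83:54:3a:46:e6:fb:4b:cc:48:44:de:61:b4:79:4e:b0.
Offending key in /root/.ssh/known_hosts:2
"""

# Constructed sample in .pub format ("type base64 comment"); not a real key.
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(b"constructed-sample-blob").decode() + " sample"


def md5_fingerprint(blob):
    """Legacy colon-separated MD5 fingerprint of a raw public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob):
    """Fingerprint format printed by current OpenSSH releases."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_warning(text):
    """Extract the presented fingerprint, known_hosts path and line number."""
    fp = re.search(r"\b((?:[0-9a-f]{2}:){15}[0-9a-f]{2}|SHA256:[A-Za-z0-9+/]{43})", text)
    off = re.search(r"Offending (?:\w+ )?key in (\S+):(\d+)", text)
    if not fp or not off:
        raise ValueError("not a host-key-changed warning")
    return fp.group(1), off.group(1), int(off.group(2))


def key_change_is_expected(warning_text, trusted_pub_line):
    """True only if the key the host presented matches the trusted copy."""
    presented, _path, _line = parse_warning(warning_text)
    blob = base64.b64decode(trusted_pub_line.split()[1])
    return presented in (md5_fingerprint(blob), sha256_fingerprint(blob))


if __name__ == "__main__":
    fp, path, line = parse_warning(PAGE_WARNING)
    print("presented:", fp, "| stale entry:", f"{path}:{line}")
    print("matches trusted key:", key_change_is_expected(PAGE_WARNING, SAMPLE_PUB))
```

A False result means the key the host presented is not the one read from the server, so the known_hosts entry should stay in place until the difference is explained.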