Someone is doing something nasty


Someone is doing something nasty. That's the title of my favorite Linux error message. It's there to stop one computer from impersonating another in order to try to steal passwords. They call this a man-in-the-middle attack.

Unfortunately, I am always caught doing something nasty. It's because I work with a lot of Linux machines, and I set up VirtualBox or VMware servers, and each new server looks like an untrusted machine when I try to ssh to it. This always results in me getting this:


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d7:63:c7:d5:65:55:33:fc:bf:b5:d6:f9:c1:a5:2e:d6.
Please contact your system administrator.
Add correct host key in /home/crazy/.ssh/known_hosts to get rid of this message.
Offending key in /home/crazy/.ssh/known_hosts:66
RSA host key for [localhost]:2222 has changed and you have requested strict checking.
Host key verification failed.


So then I have to open up the known_hosts file, find the line, delete it and then reconnect.

After years of doing the nasty like this, I finally figured out how to use the ssh config file to solve this problem (and do other cool stuff too):

From ~/.ssh/config:

Host chits
    Port 2222
    HostName localhost
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    LogLevel error
    User chits


This combines a couple of nice things. Here is the stuff that gets rid of the nasty warning:


UserKnownHostsFile /dev/null
StrictHostKeyChecking no
LogLevel error


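UserKnownHostsFile /dev/null makes ssh look at the null file to check for a match on the new server's key, so there is never an old key to conflict with. StrictHostKeyChecking no eases off the strict-o-ness level, and LogLevel error means it doesn't bore you with warnings that you already know. Together they switch off host key verification for this one Host entry, which is fine for throwaway VMs on localhost, but is not something to put under Host * or on an entry for a real remote machine.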

The other stuff just makes it require less typing to log in to my virtual servers, which listen on strange ports and require funny user names.
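
A check that goes with the settings above, as an added example that is not part of the original post: it parses an ssh config and lists the Host blocks that switch off host key verification for anything other than a loopback address. The buildbox entry and build.example.com are constructed for illustration, and the parser assumes a config made only of Host blocks (no Match or Include).

```python
import ipaddress
import re

# Constructed sample: the post's "chits" entry plus a hypothetical remote host.
SAMPLE_CONFIG = """\
Host chits
    Port 2222
    HostName localhost
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no

Host buildbox
    HostName build.example.com
    StrictHostKeyChecking=no
"""

def parse_host_blocks(text):
    """Return [(host patterns, {lowercased keyword: value})] per Host block."""
    blocks = []
    for raw in text.splitlines():
        # ssh_config accepts "Keyword value" and "Keyword=value"; comments never match.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            # ssh uses the first value it obtains for each option.
            blocks[-1][1].setdefault(key, value)
    return blocks

def is_loopback(hostname):
    if hostname.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False  # any other name is treated as remote

def audit(text):
    """Host blocks that disable host key checking for a non-loopback target."""
    findings = []
    for patterns, opts in parse_host_blocks(text):
        disabled = (opts.get("stricthostkeychecking", "").lower() in ("no", "off")
                    or opts.get("userknownhostsfile") == "/dev/null")
        # Without HostName, ssh connects to the name typed on the command line.
        target = opts.get("hostname", patterns[0])
        if disabled and not is_loopback(target):
            findings.append((" ".join(patterns), target))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

To run it against a real file, pass the contents of ~/.ssh/config to audit() instead of SAMPLE_CONFIG.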
