Host key mismatch - Potential Security Breach

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Host key mismatch - Potential Security Breach

#1 Post by australiasomuchtosee » 2018-11-17 05:38

A couple of weeks ago I started getting this message spasmodically
Zilla Security breach.jpg
Zilla Security breach.jpg (68.86 KiB) Viewed 351 times
Sometimes when connecting with Site Manager using SFTP - SSH File Transfer Protocol I received the above message, or sometimes when dragging files across to my host, Fatcow. These became more frequent. Fatcow support referred me to this thread viewtopic.php?t=23184#p89889 and following the instructions solved the problem - for a few days. On connecting for the first time after that, there was a message to create a new key (I don't remember exact wording).

Today I received the Host key mismatch message again on connecting to Zilla and several times while uploading files.

Saying OK, Cancel, or just closing the messages enables the upload to continue correctly. I have again again followed the instructions to delete the host key entry. This time I did not get any message, but the upload continued correctly.

I am not a technical person, so do not understand jargon.

Why is this re-occurring and how can it be permanently solved please?

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Host key mismatch - Potential Security Breach

#2 Post by botg » 2018-11-17 09:54

Please contact your server administrator and inquire about the server's host key: What is the correct fingerprint and has the host key been changed recently?

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#3 Post by australiasomuchtosee » 2018-11-17 12:34

Thank you for your prompt reply Tim.

My website host Fatcow have stated
On our server we do not have separate host key and it takes automatically when you connect the SFTP.
I have been using File Zilla to upload to Fatcow for eight years, and this issue first occurred only about two weeks ago.

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: Host key mismatch - Potential Security Breach

#4 Post by boco » 2018-11-17 18:32

Looks like they don't have a clue. Have a good thought about if you should trust such people...
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#5 Post by australiasomuchtosee » 2018-11-17 22:10

Being a non technical person Tim, I am the one who hasn't got a clue :| . I just want processes to work for me. In this case, everything does still work, but something is causing the message to re-occur.

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#6 Post by australiasomuchtosee » 2018-11-19 07:50

I have again contacted the technical team at Fatcow Tim, who advise
When you originally log into our FTP server, you will see the warning 'server's host key is unknown'. To confirm if it is the correct server, I have pasted our server fingerprint below:

ssh-rsa 4096 7d:f8:58:6c:ab:f7:72:e0:0c:24:79:c6:56:b5:35:dd

The correct fingerprint and has the host key has not been changed recently. Please compare this fingerprint to confirm it's the same server. You can then accept the warning and log in normally. I am able to connect to FTP host ftp.fatcow.com through SFTP settings.
Note - the red over ab on the above quite has been done by this forum platform - it was just in plain lettering in the email.

This is different to the number that appears on the warning screen - where to from here?
Zilla Security breach 2.jpg
Zilla Security breach 2.jpg (66.13 KiB) Viewed 287 times
Despite the different numbers, continuing does upload the pages to the Fatcow server correctly.
Last edited by botg on 2018-11-19 08:08, edited 1 time in total.
Reason: Clicked the checkbox to disable smilies

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Host key mismatch - Potential Security Breach

#7 Post by botg » 2018-11-19 08:20

I just tried to connect to the server a couple of times, this is what I got:
user@localhost:~$ ssh ftp.fatcow.com -p 2222
The authenticity of host '[ftp.fatcow.com]:2222 ([65.254.248.100]:2222)' can't be established.
RSA key fingerprint is SHA256:SYHvB5bDyWW9MqpJUSBt6pUh4r6Fn8wnUArq5wEQ0Ro.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
user@localhost:~$ ssh ftp.fatcow.com -p 2222
The authenticity of host '[ftp.fatcow.com]:2222 ([65.254.248.100]:2222)' can't be established.
RSA key fingerprint is SHA256:SYHvB5bDyWW9MqpJUSBt6pUh4r6Fn8wnUArq5wEQ0Ro.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
user@localhost:~$ ssh ftp.fatcow.com -p 2222
The authenticity of host '[ftp.fatcow.com]:2222 ([65.254.248.100]:2222)' can't be established.
RSA key fingerprint is SHA256:25+FNUjSRKNyf+UyA8FrRGpRq5KvdrUnb7XqtEeetGY.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
Could the server by chance be multiple servers behind a load-balancer, with one of those servers having forgotten what the correct host key is supposed to be?

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#8 Post by australiasomuchtosee » 2018-11-19 11:23

I have no idea Tim. All way beyond my knowledge. All I know is I never had this happen until two or three weeks ago, and OK-ing it cancelling the message and it all works.

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#9 Post by australiasomuchtosee » 2018-11-19 23:15

Hi Tim. Fatcow Support have sent my case to a Senior Technician. Maybe just luck of the draw, but when I logged on to File Zilla just now, I did not receive the Warning Message :P . I will let you know further, and thanks for your prompt answers and attention to this issue :D .

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: Host key mismatch - Potential Security Breach

#10 Post by boco » 2018-11-20 01:27

Sure looks like there's an out-of-sync server mirror that gives you a different host key (and thus a warning).
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#11 Post by australiasomuchtosee » 2018-11-20 06:57

What I find strange Boco is that it does not give the Warning Message every time. Also if something was going on with the keys at Fatcow, I would expect other Fatcow customers using File Zilla to be experiencing the same, but there has been no mention of that.
Last edited by australiasomuchtosee on 2018-11-20 10:33, edited 1 time in total.

User avatar
botg
Site Admin
Posts: 31582
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Host key mismatch - Potential Security Breach

#12 Post by botg » 2018-11-20 08:15

Let me reply with my previous reply which explains it all:
botg wrote:
2018-11-19 08:20
I just tried to connect to the server a couple of times, this is what I got:
user@localhost:~$ ssh ftp.fatcow.com -p 2222
The authenticity of host '[ftp.fatcow.com]:2222 ([65.254.248.100]:2222)' can't be established.
RSA key fingerprint is SHA256:SYHvB5bDyWW9MqpJUSBt6pUh4r6Fn8wnUArq5wEQ0Ro.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
user@localhost:~$ ssh ftp.fatcow.com -p 2222
The authenticity of host '[ftp.fatcow.com]:2222 ([65.254.248.100]:2222)' can't be established.
RSA key fingerprint is SHA256:SYHvB5bDyWW9MqpJUSBt6pUh4r6Fn8wnUArq5wEQ0Ro.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
user@localhost:~$ ssh ftp.fatcow.com -p 2222
The authenticity of host '[ftp.fatcow.com]:2222 ([65.254.248.100]:2222)' can't be established.
RSA key fingerprint is SHA256:25+FNUjSRKNyf+UyA8FrRGpRq5KvdrUnb7XqtEeetGY.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
Could the server by chance be multiple servers behind a load-balancer, with one of those servers having forgotten what the correct host key is supposed to be?

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: Host key mismatch - Potential Security Breach

#13 Post by boco » 2018-11-20 13:12

Load-balancing is done by having multiple physical servers available under one address. The clients are redirected to one of the server mirrors, based on load.

The reason why you don't get that warning consistently is, that you are not hitting that one server every time you transfer. It's like Russian Roulette - one bullet (=bad server) and the rest of the slots is empty (=good servers). So, your chance of firing the bullet (=getting the warning) is always less than 100%.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

australiasomuchtosee
504 Command not implemented
Posts: 8
Joined: 2018-11-17 04:59
First name: Judy
Last name: Maddams
Location: Western Australia
Contact:

Re: Host key mismatch - Potential Security Breach

#14 Post by australiasomuchtosee » 2018-12-12 02:45

Since this problem, I have continued my uploads by logging in via FTP instead of SFTP without issue, thus being able to continue to work while this issue remains unsolved. Thank you Tim (botg) and boco for you attention. I hope one day to get this fully resolved and will return to this thread when do.

Post Reply