Ok, there's the thing. Take everything from here down with a large grain of salt because right now I'm paranoid and apt to jump to conclusions hastily. I have a few test servers that we use for all kinds of misc. hacking and testing. I was just looking at one and noticed some things I'm not happy with that make me conclude this box is at least _possibly_ cracked. However, remember we use this as a do-anything-to-it-it-doesn't-matter test box - unstable software and the works, it's a throw-away-install on our LAN. Because of this I can't be sure one of the other guys that have root haven't done the things I'm eying suspiciously Anyway I'm currently alarmed because the box I'm eyeing is testbox2, and I just tried to ssh from testbox1 to testbox2 and got the following message: jw@suse1:~ > ssh jw@suse2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA1 host key has just been changed. The fingerprint for the RSA1 key sent by the remote host is 73:40:ed:40:fd:65:0a:bb:77:a9:2f:f7:9a:2e:54:62. Please contact your system administrator. Add correct host key in /home/jw/.ssh/known_hosts to get rid of this message. Offending key in /home/jw/.ssh/known_hosts:5 RSA1 host key for emerald has changed and you have requested strict checking. jw@suse1:~ > The last time I ssh'd from 1 to 2 was about 5 hours ago and I received no such message. box2 has _not_ been rebooted, I know because my VNC session was running with my apps open just the way I set them up. I really, really doubt any of the other admins restarted sshd, but *maybe*. Also, I've seen messages in /var/log/* before about ssh regenerating the key but there are none today. What do you think? ---------------------------------------------------- Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com Central Texas IT http://www.centraltexasit.com