RSA key changed

What could cause the RSA keys to change?

I have a dedicated linux server, no control panel, and a hardware firewall that blocks everything but ports 22, 80, and 443. I always use ssh to log on. No one else has access to the machine on my side.

And yesterday, when trying to log in, ssh told me that the RSA key had changed. I had a friend verify that he was getting the same key from a different location (i.e., no possibility of local man-in-the-middle attack), logged in and verified the key using "ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub". It was the same (new) key I was seeing when trying to log in. The dates on the files were from back in September. (I'd logged in a couple of days ago)

Have I been hacked? .bash_history showed nothing interesting, but even I know how to fake that. Are there other explanations? (I haven't installed any new software in the past couple of days)

daniel

 

 

 

 

Top