Gordon Messmer wrote: > >> > In other words, the >> >hostkeys would be identical. > > I think what the error indicates is that a client tried to connect to > SSH, and the host key there did not match the fingerprint in the > client's "known_hosts" database. > >> >It seems to me that someone attempted an ssh connection while spoofing >> >our internal address. Is such a thing even possible? If so then how >> >does it work? > > In the situation as you've described it, probably not. > > It would be best to go to your logs themselves for the full log entry > and context, rather than relying on a report that summarizes log entries. Looks like someone trying to break in. You *are* running fail2ban, are you not? If not, you need to install and fire it up, now. I see a *lot* of this... but then, I work for a US gov't federal contractor (civilian sector), and let me assure you, I get tired of all the attempts from China, Brazil, and other places trying to ssh in - it really clutters my logfiles. mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos