OPNsense Forum

English Forums => General Discussion => Topic started by: jgraves on May 09, 2018, 06:33:54 am

Title: ssh MITM Attack problem
Post by: jgraves on May 09, 2018, 06:33:54 am

All,

I've been using OPN Sense for awhile now without problems.  About a week ago, I started seeing security errors when doing an outbound SSH -i mykey myname@myhost.com commands.  It was warning me that the new cert didn't match the one in my .ssh/known_hosts file.  I tripple checked and it was right... MITM attack...

After going through each computer on my network and doing a bunch of arp -a commands, I found the source of the problem is the OPNSENSE server itself.  When I turn this machine off and go through a different route, the problem goes away.

Any ideas on how I can debug this?  Is it possible there is a rogue MITM software on my opnsense server?  Is there a setting I'm missing on opnsense?  I've updated the firmware, but it didn't help. 

OPNsense 18.1.7_1-amd64
FreeBSD 11.1-RELEASE-p9
OpenSSL 1.0.2o 27 Mar 2018

Thanks

-John

Title: Re: ssh MITM Attack problem
Post by: fabian on May 09, 2018, 05:25:33 pm

Sounds like a DNAT issue. You may want to check the Port Forward section.