Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
ssh MITM Attack problem
« previous
next »
Print
Pages: [
1
]
Author
Topic: ssh MITM Attack problem (Read 2438 times)
jgraves
Newbie
Posts: 1
Karma: 0
ssh MITM Attack problem
«
on:
May 09, 2018, 06:33:54 am »
All,
I've been using OPN Sense for awhile now without problems. About a week ago, I started seeing security errors when doing an outbound SSH -i mykey myname@myhost.com commands. It was warning me that the new cert didn't match the one in my .ssh/known_hosts file. I tripple checked and it was right... MITM attack...
After going through each computer on my network and doing a bunch of arp -a commands, I found the source of the problem is the OPNSENSE server itself. When I turn this machine off and go through a different route, the problem goes away.
Any ideas on how I can debug this? Is it possible there is a rogue MITM software on my opnsense server? Is there a setting I'm missing on opnsense? I've updated the firmware, but it didn't help.
OPNsense 18.1.7_1-amd64
FreeBSD 11.1-RELEASE-p9
OpenSSL 1.0.2o 27 Mar 2018
Thanks
-John
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: ssh MITM Attack problem
«
Reply #1 on:
May 09, 2018, 05:25:33 pm »
Sounds like a DNAT issue. You may want to check the Port Forward section.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
ssh MITM Attack problem