Warning – Potential security breach!

Advertisement

pshep123
Joined:
Posts:
2
Location:
New York

Warning – Potential security breach!

I realize this is not a new subject, but the previous post(s) I've seen on the subject didn't answer my specific problem. I'm hoping that this isn't a MitM attack, but it could be.

Error after the "Warning" is "The server's host key does not match the one WinSCP has in cache..." and I'm given the option to Update, Add, Skip, or Cancel. I did "Skip" two times and was able to get on to the server and everything looked fine, but I'm concerned that I'm passing sensitive information when I use that option.

For some more detail, my server is hosted on AWS with load balancers and an RSA key-pair. However, the error message states "The new ED25519 key details are:...". I'm no security expert, but I believe ED25519 is a completely different protocol from RSA, which makes me think there is something nefarious going on.

Any help would be appreciated.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,518
Location:
Prague, Czechia

Re: Warning – Potential security breach!

I assume that the RSA key that you refer to is the one you authenticate with. That's different key than the host key.
See Understanding SSH Key Pairs.

If you have multiple SSH servers behind a load balancer, use Add button to cache keys of individual servers one-by-one.

Reply with quote

Guest

I'm getting the "Potential Security Breach" fairly often and repeatedly during the same transfer process when:
  1. tens of thousands of small files are being transferred
  2. hundreds of gigabytes of files are being transferred
There are no attacks, compromised systems or administrators playing around with host keys. Since PuTTY won't suppress security dialogs (see https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-hostkeys), unattended transfers are stalled until user action in the event of this warning popping up. Can WinSCP add functionality to accept the "risk" (as in "remember my choice") and continue operation?

Reply with quote

martin
Site Admin
martin avatar

@Guast: Does the host key prompt occur on re-key? Is your SSH server load balanced somehow? Can you post a session log file?

Reply with quote

Advertisement

d3nz
Joined:
Posts:
6

Hello!
I'll continue this topic if you are not afraid.
I have the same issue with another one (6.1.1 – SFTP – Abnormal program termination).
Each issue appearing randomly from time to time and both (I have to move big data and don't watch process all the time, but when I check progress I see one of this issue or both).
It appearing both on 6.1.1 and 6.2 beta.
On the source side I have Windows Server 2019 std eng and on destination side – rhel x86_64 8.7 w/o any LB & NAT (connection from source to destination is through L2 network).
Screenshots of errors attached.
If it isn't possible to fix this issues is it possible to add option "Always Add" or "Always Update" for workaround of this issue?

winscp_6.2.png

winscp_6.1.1.png

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,518
Location:
Prague, Czechia

@d3nz: Please attach a full session log file showing the problem (using the latest version of WinSCP).

To generate the session log file, enable logging, log in to your server and do the operation and only the operation that causes the error. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you can mark the attachment as private.

Reply with quote

d3nz
Joined:
Posts:
6

Hi Martin.
I turned on logging and will share logs with as soon as interactive window will appear.
Btw maybe it some related to several sessions (tabs) to same host and using same username?
I'm uploading big data by folders with many files in it.

Reply with quote

Advertisement

You can post new topics in this forum