82.1k views
5 votes
An organization's network security administrator has been using an SSH connection to manage switches and routers for several years. After attempting to connect to a router, an alert appears on the terminal emulation software, warning that the SSH key has changed.

After confirming the administrator is using the typical workstation and the router has not been replaced, which of the following are the MOST likely explanations for the warning message? (Choose two.)

A. The SSH keys were given to another department.
B. A MITM attack is being performed by an APT.
C. The terminal emulator does not support SHA-256.
D. An incorrect username or password was entered.
E. A key rotation has occurred as a result of an incident.
F. The workstation is not syncing with the correct NTP server.

by Phani K (8.1k points)

1 Answer

4 votes

Final answer:

The SSH key change warning likely results from a Man-In-The-Middle attack or a key rotation due to security measures or an incident. Other provided options do not align with the symptoms of an SSH key change alert.

Step-by-step explanation:

If a network security administrator receives a warning that the SSH key has changed while trying to connect to a router, and it has been confirmed that neither the workstation nor the router has been replaced, the most likely explanations for this alert are:

  1. A MITM (Man-In-The-Middle) attack is being performed by an APT (Advanced Persistent Threat). This type of attack involves an unauthorized party intercepting communication between the administrator's workstation and the network device, with the potential of either eavesdropping or altering the data being transmitted.
  2. A key rotation has occurred as a result of an incident. Key rotation is a security process where old SSH keys are replaced with new ones. This could happen as part of routine security measures or in response to a security incident.

Option A, giving SSH keys to another department, would not typically generate such a warning. Option C, an unsupported SHA-256 in the terminal emulator, would lead to a different type of error. Option D, incorrect username or password, would result in authentication errors, not a key change alert. Option F, incorrect NTP server sync, could potentially cause different issues primarily related to timestamps and not key changes.

by TildalWave (7.9k points)
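To show what the client is actually deciding when it raises the warning in the question, here is an added example (not code from the answer above or from OpenSSH) that mirrors the known_hosts lookup: it computes the SHA256 fingerprint the warning prints, matches plain and hashed host fields, and returns whether the offered key is the stored one, a changed one, a revoked one, or unknown. The hostname and key blobs are constructed for the example; the fingerprint printed for a "changed" verdict is the value an administrator compares against one obtained out-of-band (for instance from the router console) before deciding between the MITM and key-rotation explanations.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(b: bytes) -> bytes:
    """Length-prefixed string, the OpenSSH wire encoding used in key blobs."""
    return struct.pack(">I", len(b)) + b

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints in the key-changed warning."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_host_entry(host: str, salt: bytes) -> str:
    """Host field in the |1|salt|hmac form written when HashKnownHosts is on."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def host_matches(field: str, host: str) -> bool:
    """True if a known_hosts host field (plain, comma list or hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def check_host_key(known_hosts: str, host: str, keytype: str, key_b64: str) -> str:
    """Mirror the client's decision: 'ok', 'changed', 'revoked' or 'unknown'."""
    seen_type = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else ""
        if marker == "@cert-authority" or len(parts) < 3:
            continue  # CA lines are not host keys; ignore malformed lines
        if not host_matches(parts[0], host) or parts[1] != keytype:
            continue
        if parts[2] == key_b64:
            return "revoked" if marker == "@revoked" else "ok"
        seen_type = True  # same host and key type, but a different key
    return "changed" if seen_type else "unknown"

# Constructed sample data (not real keys): the stored key vs. the one now offered.
ROUTER = "rtr-core-01.example.net"
OLD_KEY = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))).decode()
NEW_KEY = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32, 64)))).decode()
KNOWN_HOSTS = "%s ssh-ed25519 %s\n" % (ROUTER, OLD_KEY)
```

Calling `check_host_key(KNOWN_HOSTS, ROUTER, "ssh-ed25519", NEW_KEY)` yields "changed"; `fingerprint(OLD_KEY)` and `fingerprint(NEW_KEY)` are the two values the client shows side by side in that case.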