Linode Community Forums
Posted: Thu Jul 07, 2011 9:46 pm
Senior Member

Joined: Wed Mar 03, 2010 2:04 pm
Posts: 111
I run an SSH tunnel through my Linode from home. Tonight I upgraded the firmware on my router, and immediately afterward when I went to connect to my Linode with PuTTY, I got a warning that my key fingerprint had changed. From Android, ConnectBot says this might be a man-in-the-middle attack (similar warning).

I'm guessing (emphasis on guessing) that this relates somehow to my router firmware upgrade, just given the timing, but on the other hand, why would that have any effect on the Linode's RSA key fingerprint? It doesn't make sense to me other than the fact that the router does sit "in the middle" of this connection. When I connect to my Linode using a device off my LAN (my smartphone), I get no warning, and the key as reported by "ssh localhost" is different than the one reported when I connect from my LAN.

In short, how worried should I be? I suppose I have some reading to do before I understand this, but I'm hoping someone can shed some insight.


Posted: Fri Jul 08, 2011 6:35 pm
Senior Member

Joined: Wed Mar 03, 2010 2:04 pm
Posts: 111
Edit: solved, this was a firewall rule on my router that was redirecting traffic to an internal IP address, so that explains why the RSA fingerprint changed - it was indeed a different machine.


Posted: Sat Jul 09, 2011 5:44 am
Senior Member

Joined: Tue Nov 24, 2009 1:59 pm
Posts: 362
o_O

"Internal IP address" as in another machine on your LAN, or as in some crazy man-in-the-middle thing in the new router firmware itself?

_________________
rsk, providing useless advice on the Internet since 2005.


Posted: Sat Jul 09, 2011 5:45 pm
Senior Member

Joined: Wed Mar 03, 2010 2:04 pm
Posts: 111
Machine on my LAN, listening on the same port. Due to the router setting being incorrect, it was redirecting me to that machine. Fixing the setting solved the issue. It related to the firmware update, as that never happened before.


Posted: Sat Jul 09, 2011 11:23 pm
Senior Member

Joined: Tue Nov 24, 2009 1:59 pm
Posts: 362
Okay, thanks.
brain# sysctl paranoia.conspiracy.enabled=0
:wink:

_________________
rsk, providing useless advice on the Internet since 2005.
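
Added example, not part of the original thread: the check the poster did by hand, comparing the host key read on the server itself (for instance over a console session) with the key presented over another network path. It computes the MD5 and SHA256 fingerprint formats that OpenSSH displays. Assumptions: the key material, comments and function names are constructed for illustration, and the sample keys use the simple ssh-ed25519 blob layout rather than the RSA key from the thread, since the fingerprint calculation is the same for any key type.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Build a constructed ssh-ed25519 public key line for the demo."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


def fingerprints(pubkey_line: str) -> dict:
    """Return the MD5 (hex) and SHA256 (base64) fingerprints of a key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own key type; it must agree with the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match the encoded blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def same_host(trusted_line: str, presented_line: str) -> bool:
    """True only if both lines carry the same host key."""
    a = fingerprints(trusted_line)["sha256"]
    b = fingerprints(presented_line)["sha256"]
    return hmac.compare_digest(a, b)


# Constructed sample keys (not real host keys).
LINODE_KEY = make_pubkey_line(bytes(range(32)), "read-on-server-console")
LAN_BOX_KEY = make_pubkey_line(bytes(range(32, 64)), "presented-via-lan")

if __name__ == "__main__":
    print(fingerprints(LINODE_KEY))
    print("same host when connecting from LAN:", same_host(LINODE_KEY, LAN_BOX_KEY))
```

A mismatch here means the client reached a different key holder than the trusted one, which in this thread turned out to be another machine on the LAN.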

