Server's host key did not match the signature supplied

Report bugs or issues with Core FTP Server here
Post Reply
bernie@dynamic
Posts: 3
Joined: Tue Jan 28, 2014 10:30 pm

Server's host key did not match the signature supplied

Post by bernie@dynamic »

Hi all,

I am getting the error message when trying to log into my SFTP site.

I'm not sure why this is happening as the site works for a couple of weeks or so and then all users start getting the above error.

There is no work being done on the server so I don't get why it would just stop working all of a sudden.

If I stop the service and restart it, it works again.

My biggest issue is that we get daily deliveries of data early in the morning and I have no warning that this issue has arisen again.

Any help would be much appreciated.

Thanks, Bernie.
ForumAdmin
Site Admin
Posts: 1006
Joined: Mon Mar 24, 2003 4:37 am

Post by ForumAdmin »

It means your server key is not being saved, usually it's due to a permissions error and the server has to recreate the server key on reboot.

Create a directory (ie: c:\certs).

Then go into the global settings -> certificate path and change the cert directory to the newly created directory.

Copy any existing certificates from the old certificate path (typically c:\program files\CoreFTPServer\certs\).

Restart server.
bernie@dynamic
Posts: 3
Joined: Tue Jan 28, 2014 10:30 pm

Post by bernie@dynamic »

Thanks for that.

I've made the changes and will let you know over the next month if we still have any outages.

Thanks, Bernie.
bernie@dynamic
Posts: 3
Joined: Tue Jan 28, 2014 10:30 pm

Post by bernie@dynamic »

I've just taken a look at the activity log and can see the following:

[#1] [20140210 03:22:50] [99.999.999.999] user 'root' sent
[#1] [20140210 03:22:50] [99.999.999.999] password sent, failed...
[#1] [20140210 03:22:50] [99.999.999.999] user 'root' sent
[#1] [20140210 03:22:50] [99.999.999.999] password sent, failed...
[#1] [20140210 03:22:50] [99.999.999.999] user 'root' sent
[#1] [20140210 03:22:51] [99.999.999.999] password sent, failed...
[#1] [20140210 03:22:51] [99.999.999.999] user 'root' sent
[#1] [20140210 03:22:51] [99.999.999.999] password sent, failed...

Am I correct in assuming that this is someone trying to hack in as the root user?
ForumAdmin
Site Admin
Posts: 1006
Joined: Mon Mar 24, 2003 4:37 am

Post by ForumAdmin »

yes, essentially hacking. There are going to be additional fixes in build 521 and greater to auto-ban this type of thing.
Post Reply