I have recently upgraded my computer from ubuntu 12.04 to 14.04 LTS (in one step). After the upgrade, however, I got well-known warnings like
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for xxxx has changed,
, if I try to ssh into the computer from another linux computer.
If I try to log into the the computer from MinGW/Windows, which the host/server has a stored public key of, the login was successful for a few seconds and then the ssh session froze. The network for the host/server is down for about a few hours to a day, during which time I can't even ping the server. But it went back online again after that.
My question is:
Is it possible/normal that a LTS upgrade like mine change the host key at all?
Or is it more likely my computer is under man-in-the-middle-attack.
How do I verify which is the case?
Thanks.
-- Update --
To try to fix the problem, I restored an Ubuntu 12.04 image that I made before the upgrade to 14.04 using fsarchive and a second Ubuntu installation. I did the recover many times before and never had a problem. But this time, after the recovery, the restored Ubuntu 12.04 wouldn't boot. I was left with a grub prompt.
Then, fixing grub, I used a liveusb to re-install grub (chroot, grub-install /dev/sda etc). Again, this fixes grub every time in the past but not this time. grub-install reports some error about "FlexNet" using sector 32.
I finally fixed grub after googling, and finding two lines of command to backup and wipe out the MBR. I don't know if anyone has had similar issue before. I never installed any software called FlexNet on my windows dual boot or Linux. And it happened only after I upgrade to 14.04 LTS. Is this a sign my computer was hacked?
After I fixed grub, I was able to upgrade again to 14.04 LTS, without any issue so far.