Client notified of changing RSA Key Fingerprints on CompleteFTP Server

Question

We've been using CompleteFTP Professional for many years. We have sftp enabled on the server with all authentication methods available. We created an RSA and DSA key public key pair on the server, but have not created any keys for individual users.

Recently, with version 12.1.5, we have two clients out of 1,000+ clients that almost every day, they are unable to upload files because of the RSA fingerprint stores in their machine mismatching the server. In our troubleshooting, the RSA fingerprint presented is different every time, and doesn't match the RSA or DSA key fingerprint public key on the server when viewing it.

This issue persists after updating to 13.0.1. We even manually stored the DSA key fingerprint value from the server into the clients' database tables where this information is stored, but the next day or so, the client complains that the RSA key fingerprint does not match what is stored in the client's database. The key being presented is different than before.

Aside from MITM, any ideas what this could be?

Comments

It's probably best to open a support ticket for this, go to https://enterprisedt.com/help.

If you have access to the client's private key so you can test connecting yourself, generate a debug log of a failed login attempt and include it. Otherwise, if you are able to supply a debug log file that shows them failing to log in.

---

Thanks; I opened up a ticket.

---

Resolved with one of the clients. It turns out there was a "man-in-the-middle" in the form of a network-based IPS. It was interfering with SSH communication between the client and server.

Answer 1

This was an interesting problem. It turns out (see the comment) that somewhere on the client side, they had an intrusion prevention system (IPS) that intercepted SSH traffic and changed the server's RSA fingerprint!