AC68U - WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

winstoncafe

Hi all, right now I am out of my house. When I was trying to ssh to AC68U @374.41 (Merlin build), which I haven't done for some weeks, I got the following message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
AA:BB:CC:DD:EE:FF:GG:HH:II:JJ:KK:LL:MM:NN:OO:pP.
Please contact your system administrator.
Add correct host key in /home/~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/~/.ssh/known_hosts:11
remove with: ssh-keygen -f "/home/~/.ssh/known_hosts" -R [192.168.1.1]:23
ECDSA host key for [192.168.1.1]:23 has changed and you have requested strict checking.
Host key verification failed.



I have also noticed an unusual reboot of AC68U 6+ hours ago (my timezone is +0800, time now 14:55):
-rw-rw-rw- 1 admin root 11 Jun 12 08:26 commit_ret

AC68U was not opened to WAN on ssh port 22/23 (I configured ssh at port 23, disallowing access from WAN).
Internet administration was not opened either.
At that time, one little Windows XP was up and running unattended. Port 443 was opened to WAN for HTTPS.
Please tell me if there is anything I could check to see whether my router was really compromised. I will upgrade firmware ASAP. But will that be unhelpful?
 
netstat

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5473 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3394 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:printer 0.0.0.0:* LISTEN
tcp 0 0 router.asus.com:netbios-ssn 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:laserjet 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:40366 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9998 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdomain:domain 0.0.0.0:* LISTEN
tcp 0 0 router.asus.com:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:telnet 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
tcp 0 0 router.asus.com:445 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3838 0.0.0.0:* LISTEN
tcp 0 0 router.asus.com:8443 192.168.1.45:59010 TIME_WAIT
tcp 517 0 router.asus.com:8443 192.168.1.45:59055 ESTABLISHED
tcp 0 0 router.asus.com:8443 192.168.1.45:58934 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58972 TIME_WAIT
tcp 517 0 router.asus.com:8443 192.168.1.45:59054 ESTABLISHED
tcp 517 0 router.asus.com:8443 192.168.1.45:59053 ESTABLISHED
tcp 0 0 router.asus.com:8443 192.168.1.45:59023 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58948 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58946 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59048 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59044 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58942 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59015 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58979 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59000 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59080 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58944 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58950 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58962 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59017 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58938 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59025 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58999 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59046 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59012 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58990 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58966 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58932 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59059 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58989 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58964 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58954 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58977 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59027 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58930 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59040 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59068 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59002 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59033 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59036 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59003 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59001 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58952 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59026 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59063 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59039 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59057 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59035 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59072 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59050 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58991 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58965 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58940 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59075 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59056 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59067 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59058 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58988 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59076 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58973 TIME_WAIT
tcp 0 0 router.asus.com:telnet 192.168.1.45:54811 ESTABLISHED
tcp 0 0 router.asus.com:8443 192.168.1.45:59014 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59038 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59060 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59022 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58963 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59042 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58987 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59004 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59013 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58986 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58936 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59079 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:59030 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58978 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58971 TIME_WAIT
tcp 193 0 router.asus.com:54407 192.168.1.64:49152 CLOSE_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58967 TIME_WAIT
tcp 0 0 router.asus.com:8443 192.168.1.45:58967 TIME_WAIT
tcp 0 0 :::telnet :::* LISTEN
udp 0 0 0.0.0.0:9999 0.0.0.0:*
udp 0 0 localhost.localdomain:domain 0.0.0.0:*
udp 0 0 router.asus.com:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:5474 0.0.0.0:*
udp 0 0 0.0.0.0:18018 0.0.0.0:*
udp 0 0 0.0.0.0:42084 0.0.0.0:*
udp 0 0 router.asus.com:51047 0.0.0.0:*
udp 0 0 0.0.0.0:upnp 0.0.0.0:*
udp 0 0 0.0.0.0:37000 0.0.0.0:*
udp 0 0 router.asus.com:netbios-ns 0.0.0.0:*
udp 0 0 0.0.0.0:netbios-ns 0.0.0.0:*
udp 0 0 router.asus.com:netbios-dgm 0.0.0.0:*
udp 0 0 0.0.0.0:netbios-dgm 0.0.0.0:*
udp 0 0 localhost.localdomain:38032 0.0.0.0:*
udp 0 0 router.asus.com:5351 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:43000 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 7 [ ] DGRAM 260 /dev/log
unix 2 [ ACC ] STREAM LISTENING 954 /var/run/avahi-daemon/socket
unix 2 [ ] DGRAM 1549
unix 2 [ ] DGRAM 1296
unix 2 [ ] DGRAM 876
unix 2 [ ] DGRAM 710
unix 2 [ ] DGRAM 264


 
commit_ret

What does that mean in /tmp/var/log/commit_ret?


-rw-rw-rw- 1 admin root 11 Jun 12 08:26 commit_ret

commit: OK
 
The router's host key has changed since the last time you logged in from this specific machine. This can happen for example if the router's DDNS was changed, or if at some point you did a factory default reset, or disabled/re-enabled SSH.

The commit_ret simply is a temp file used by the router when it commits settings into nvram so the router can check if there's another commit currently underway, or how the last commit ended.
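
The reply above lists benign reasons for a changed host key; the warning alone cannot tell those apart from interception. As an added example (not part of the thread, and not code from the firmware or OpenSSH), this Python code looks up the stored known_hosts entry for [192.168.1.1]:23, including hashed host fields, and accepts a changed key only when its MD5 fingerprint matches one obtained over a trusted path. Function names, the `trusted_fp` parameter and all key material are constructed for illustration; how the trusted fingerprint is read from the router is an assumption.

```python
import base64, hashlib, hmac, struct
def _s(b):  # SSH wire-format string: 4-byte big-endian length + bytes
    return struct.pack(">I", len(b)) + b

def constructed_key(fill):
    """Constructed ECDSA-shaped blob for the demo; not a real host key."""
    blob = _s(b"ecdsa-sha2-nistp256") + _s(b"nistp256") + _s(b"\x04" + bytes([fill]) * 64)
    return base64.b64encode(blob).decode()

def host_matches(field, host):
    """Match a known_hosts host field, plain or hashed (|1|salt|HMAC-SHA1)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")

def md5_fingerprint(key_b64):
    """Colon-separated MD5 form, the style printed in the warning above."""
    h = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def stored_keys(text, host):
    """(line number, key type, key) for every entry that applies to host."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if len(f) >= 3 and f[0][0] not in "#@" and host_matches(f[0], host):
            hits.append((n, f[1], f[2]))
    return hits

def classify(text, host, presented, trusted_fp=None):
    """Decide what a presented host key means before editing known_hosts."""
    hits = stored_keys(text, host)
    if not hits:
        return "unknown-host"
    if any(key == presented for _, _, key in hits):
        return "match"
    if trusted_fp and md5_fingerprint(presented) == trusted_fp.lower():
        return "changed-verified"    # regenerated key, confirmed out of band
    return "changed-unverified"      # keep the old entry until confirmed

# Constructed sample data: one hashed entry for the router, old key stored.
HOST = "[192.168.1.1]:23"
OLD, NEW = constructed_key(0x11), constructed_key(0x22)
_salt = b"constructed-salt-20b"
_mac = hmac.new(_salt, HOST.encode(), hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(_salt).decode(), base64.b64encode(_mac).decode())
KNOWN_HOSTS = "# constructed\nexample.invalid ssh-rsa AAAA\n%s ecdsa-sha2-nistp256 %s\n" % (HASHED, OLD)
```

Only a `changed-verified` result justifies running the `ssh-keygen -R` command the warning suggests; `changed-unverified` means the new fingerprint still has to be confirmed from the router itself.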
 
Thanks Merlin. Is there something like kern.log or auth.log for checking up?

No. The only logs available are syslog and dmesg. The rest is dumped on the serial console.
 
