下面這個 SSH 的錯誤訊息是我最常遇到的.
[ben@localhost ~]$ ssh 192.8.1.1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 43:49:ae:32:f7:9a:42:00:a1:c8:b7:51:59:40:40:05. Please contact your system administrator. Add correct host key in /home/ben/.ssh/known_hosts to get rid of this message. Offending RSA key in /home/ben/.ssh/known_hosts:2 RSA host key for 192.8.1.1 has changed and you have requested strict checking. Host key verification failed.
這個發生在妳的 SSH Server 公鑰與上次登入的不一樣,有可能是妳的 Server 換了.只要你確認登入的 SSH Server 沒錯.SSH server 的公開金鑰存放在使用者家目錄 /home/user/.ssh/known_hosts 下,修改 known_hosts 即可以解決上面的問題.關於 SSH 的認證加密請參考 https://benjr.tw/301
修改方式如下:
known_hosts
只要移除使用者的 known_hosts 即可,如 ben 使用者的公鑰檔位於 /home/ben/.ssh/known_hosts ,不過這樣所有的 SSH Server 下次登入還要再同意接受一次公鑰,建議只刪除有衝突的部分即可.
[ben@localhost ~]$ vi .ssh/known_hosts 172.16.0.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6jTJeCM3Zwg0xJLuH7TgVtVMgV/qPhk1BoxvXBp7bvshlxsI5kteFBowylioH68d+N/1zIhF5HYm7A1v+/r1acYmTMRHLhAVvy9nuV2XOmrCzkyRf8bPL3sFbx5KoUYKK8ALEUN9r4+67+zLEyo/0Asm+QWQqvw4orO9eL6IaSw17iT6zmn5IzyuTg1wblGLlTRbDkYSCNLh0oprcNV59lnaFHaY4QmxXtLl2F7hJQVEmkUuFAxxr5FJ/V6UZ6VAd+iJGpDTSFhSzoDCBvcayHxga9I8ac4d9vl7VNMuHcSLN/dCU77V2Y1K1jO+rT7LOeYIc+av8zemShUuCIuNnQ== 192.8.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2TRGEsk/+2SWeGKRZmf7aAyohGuZnBJYIEkwIqPjLa/6ASaorZj+RxBIP5/sF7W8Dqjae1lkEklOwjNwY6cn3am73FShtupkpAeU70B4RjeXEvRADE1x4b72pIZtgQzhwomCbR8t7OJC+Nn5sPhz10KeDTxliuVXsB+S+6uUYYia7vI9xo0JNLTRoQeoUpKYLltfEJMrFo6OZXxKg3WkQcjN8TNjD8yN2sMQVlloB4iqoSuM7qO4vOZYlPylvLbIh5wwfqnRkOlPlb/+00gruymSUbE8B+6u/dN3VL0Sha2/zaSprvdbDrWBcoW8ozEqxaqAr76RQkYRg11+UNvaqQ==
移除 192.8.1.1 ssh-rsa
[ben@localhost ~]$ cat .ssh/known_hosts 172.16.0.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6jTJeCM3Zwg0xJLuH7TgVtVMgV/qPhk1BoxvXBp7bvshlxsI5kteFBowylioH68d+N/1zIhF5HYm7A1v+/r1acYmTMRHLhAVvy9nuV2XOmrCzkyRf8bPL3sFbx5KoUYKK8ALEUN9r4+67+zLEyo/0Asm+QWQqvw4orO9eL6IaSw17iT6zmn5IzyuTg1wblGLlTRbDkYSCNLh0oprcNV59lnaFHaY4QmxXtLl2F7hJQVEmkUuFAxxr5FJ/V6UZ6VAd+iJGpDTSFhSzoDCBvcayHxga9I8ac4d9vl7VNMuHcSLN/dCU77V2Y1K1jO+rT7LOeYIc+av8zemShUuCIuNnQ==
ssh-keygen
ssh-keygen 除了可以產生金鑰外,我們也可以透過他來刪除個別 SSH Server 的公鑰.
[ben@localhost ~]$ ssh-keygen -R 192.8.1.1 # Host 192.8.1.1 found: line 2 type RSA /home/ben/.ssh/known_hosts updated. Original contents retained as /home/ben/.ssh/known_hosts.old
[ben@localhost ~]$ cat .ssh/known_hosts 172.16.0.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6jTJeCM3Zwg0xJLuH7TgVtVMgV/qPhk1BoxvXBp7bvshlxsI5kteFBowylioH68d+N/1zIhF5HYm7A1v+/r1acYmTMRHLhAVvy9nuV2XOmrCzkyRf8bPL3sFbx5KoUYKK8ALEUN9r4+67+zLEyo/0Asm+QWQqvw4orO9eL6IaSw17iT6zmn5IzyuTg1wblGLlTRbDkYSCNLh0oprcNV59lnaFHaY4QmxXtLl2F7hJQVEmkUuFAxxr5FJ/V6UZ6VAd+iJGpDTSFhSzoDCBvcayHxga9I8ac4d9vl7VNMuHcSLN/dCU77V2Y1K1jO+rT7LOeYIc+av8zemShUuCIuNnQ==
之後一樣的步驟接受 SSH Server 給的公鑰,就可以登入
[ben@localhost ~]$ ssh root@192.8.1.1 The authenticity of host '192.8.1.1 (192.8.1.1)' can't be established. RSA key fingerprint is 43:49:ae:32:f7:9a:42:00:a1:c8:b7:51:59:40:40:05. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.8.1.1' (RSA) to the list of known hosts. root@192.8.1.1's password: Last login: Thu Apr 13 11:40:00 2017 from 192.8.1.53
沒有解決問題,試試搜尋本站其他內容