SSH連接時出現Host key verification failed的原因及解決方法
阿新 • • 發佈:2017-11-30
避免 and 方便 roo code middle rect int 添加 SSH連接的時候Host key verification failed.
[root@cache001 swftools-0.9.0]# ssh 192.168.1.90
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
05:25:84:ea:dd:92:8d:80:ce:ad:5b:79:58:fe:c9:42.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:10
RSA host key for 192.168.1.90 has changed and you have requested strict checking.
Host key verification failed. ================================== ================================== 用OpenSSH的人都知ssh會把你每個你訪問過計算機的公鑰(public key)都記錄在~/.ssh/known_hosts。當下次訪問相同計算機時,OpenSSH會核對公鑰。如果公鑰不同,OpenSSH會發出警告,避免你受到DNS Hijack之類的攻擊。
SSH對主機的public_key的檢查等級是根據
-------------
解決方法 1 -------------
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
05:25:84:ea:dd:92:8d:80:ce:ad:5b:79:58:fe:c9:42.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:10
RSA host key for 192.168.1.90 has changed and you have requested strict checking.
Host key verification failed. ================================== ================================== 用OpenSSH的人都知ssh會把你每個你訪問過計算機的公鑰(public key)都記錄在~/.ssh/known_hosts。當下次訪問相同計算機時,OpenSSH會核對公鑰。如果公鑰不同,OpenSSH會發出警告,避免你受到DNS Hijack之類的攻擊。
SSH對主機的public_key的檢查等級是根據
StrictHostKeyChecking變量來配置的。默認情況下,
StrictHostKeyChecking=ask。簡單所下它的三種配置值:
1.
StrictHostKeyChecking=no
#最不安全的級別,當然也沒有那麽多煩人的提示了,相對安全的內網時建議使用。如果連接server的key在本地不存在,那麽就自動添加到文件中(默認是known_hosts),並且給出一個警告。
2.
StrictHostKeyChecking=ask #默認的級別,就是出現剛才的提示了。如果連接和key不匹配,給出提示,並拒絕登錄。
3.
StrictHostKeyChecking=yes #
最安全的級別,如果連接與key不匹配,就拒絕連接,不會提示詳細信息。
我一般是用方法2解決-------------
解決方法 1 -------------
對於我來說,在內網的進行的一些測試,為了方便,選擇最低的安全級別。在.ssh/config(或者/etc/ssh/ssh_config)中配置:
StrictHostKeyChecking no UserKnownHostsFile /dev/null(註:這裏為了簡便,將knownhostfile設為/dev/null,就不保存在known_hosts中了) --------------- 解決方法 2 ---------------
vi ~/.ssh/known_hosts
刪除對應ip的相關rsa信息
--------------- 解決方法 3 ---------------rm known_hosts
轉自:https://www.cnblogs.com/cuizhipeng/p/5329848.html
SSH連接時出現Host key verification failed的原因及解決方法