这听起来可能有点奇怪。我能够无缝地通过 ssh 连接到远程主机以及“localhost”。
作为要求的一部分,我修改了 /etc/hosts 文件,其中包含以下条目:
127.0.0.1 localhost # we all know this
10.45.65.1 master # static IP address of my local machine with alias "master"
我可以做这个 :ssh localhost
但是当我尝试:时ssh -v master,出现以下错误 -
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to master [10.42.43.1] port 22.
debug1: Connection established.
debug1: identity file /home/hduser/.ssh/identity type -1
debug1: identity file /home/hduser/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/hduser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for master has changed,
and the key for the corresponding IP address 10.42.43.1
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/hduser/.ssh/known_hosts:14
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d0:ff:f0:68:2d:6c:95:7b:89:71:df:99:6b:48:15:a2.
Please contact your system administrator.
Add correct host key in /home/hduser/.ssh/known_hosts to get rid of this message.
Offending key in /home/hduser/.ssh/known_hosts:2
RSA host key for master has changed and you have requested strict checking.
Host key verification failed.
有什么建议 ?
答案1
SSH 会将您曾经连接过的主机的“指纹”存储在 中。假设您之前~/.ssh/known_hosts曾连接过该主机,而当时连接的是另一台机器。master
只需删除~/.ssh/known_hosts(这将使 SSH 忘记它曾经连接过的主机,因此它会再次开始询问您“是否要连接”),或者在文本编辑器中打开它并删除包含该主机的行。
答案2
正如已经回答的那样,或者只删除有问题的行(请注意错误消息中的:2 后缀,表示存储的指纹是文件的第二行):
sed -i 2d /home/hduser/.ssh/known_hosts
或者完全禁用对主机密钥的严格检查:
创建或编辑文件/home/hduser/.ssh/config并添加:
Host *
StrictHostKeyChecking no
(或者专门针对主机主控禁用它)
答案3
谢谢,当我重命名 known_hosts 文件时,它起作用了。在我看到你的回复之前,我碰巧使用了 ssh-keygen -R master,输出本身是一个错误:/home/hduser/.ssh/known_hosts 不是有效的 known_hosts 文件。由于错误,未替换现有的 known_hosts 文件
感谢所有人的回答。