对于 ssh 命令行工具,为什么 `StrictHostKeyChecking=no` 不起作用

对于 ssh 命令行工具,为什么 `StrictHostKeyChecking=no` 不起作用

执行过程如下:

$ ssh -o StrictHostKeyChecking=no [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:2ypJ7ea5D0iqFy5PzHVgHV7p6jX5ONSTGXZGf9KqF6A.
Please contact your system administrator.
Add correct host key in /home/peng/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/peng/.ssh/known_hosts:3
  remove with:
  ssh-keygen -f "/home/peng/.ssh/known_hosts" -R "10.1.1.1"
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
UpdateHostkeys is disabled because the host key is not trusted.
[email protected]: Permission denied (publickey,password,keyboard-interactive).

为什么 ssh 忽略了我的选择?

答案1

如果您仔细查看输出,主机密钥不匹配不会停止连接。但是,由于可能存在中间人攻击,因此某些身份验证类型会被禁用,登录会失败([email protected]: Permission denied ...)。

通常情况下,你会看到StrictHostKeyChecking=no与类似的东西相结合UserKnownHostsFile=/dev/null。尝试

ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null [email protected]

相关内容