ssh:尽管禁用严格的主机密钥检查,但仍发出警告

ssh:尽管禁用严格的主机密钥检查,但仍发出警告

我正在运行一项ansible任务,但这更是一个ssh问题;

我执行rsync命令(从我的localhostvagrant机器)如下:

command: "rsync -zaP  -e 'ssh -p {{ ansible_port }} -o StrictHostKeyChecking=no' {{ temp_build_directory }}/artifacts.tar.gz {{ rsync_remote_user }}@{{ ansible_host }}:/tmp"

尽管我明确禁用了主机密钥检查,但在某些时候我收到了以下错误:

TASK [send_artifacts : Transfer Artifacts -->  Transfer tarball to deployment targets] ***
fatal: [vagrant -> localhost]: FAILED! => changed=true 
  cmd:
  - rsync
  - -zaP
  - -e
  - ssh -p 2222 -o StrictHostKeyChecking=no
  - /tmp/mdr-700263/artifacts.tar.gz
  - [email protected]:/tmp
  delta: '0:00:00.351747'
  end: '2018-10-18 12:04:52.350948'
  msg: non-zero return code
  rc: 23
  start: '2018-10-18 12:04:51.999201'
  stderr: |-
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    SHA256:8r8mZHkCiXJBAu7LeaFsjpa5g2gpQTZzf7RpesOV0QQ.
    Please contact your system administrator.
    Add correct host key in /home/ansible/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /home/ansible/.ssh/known_hosts:3
      remove with:
      ssh-keygen -f "/home/ansible/.ssh/known_hosts" -R [127.0.0.1]:2222
    Password authentication is disabled to avoid man-in-the-middle attacks.
    Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
    rsync: link_stat "/tmp/mdr-700263/artifacts.tar.gz" failed: No such file or directory (2)
    rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]
  stderr_lines:

这是为什么?

答案1

有一个警告关于ssh主机密钥的更改。这错误来自rsync并表示/tmp/mdr-700263/artifacts.tar.gz在本地计算机上找不到源文件 ( )。这些可能不相关。

您会收到警告,因为无论设置如何,始终都会根据ssh已知密钥对主机密钥进行验证。known_hostsStrictHostKeyChecking

ssh_config手册中:

StrictHostKeyChecking

[...] 如果此标志设置为“no”或“off”,ssh 将自动将新的主机密钥添加到用户已知的主机文件中,并允许继续连接到具有更改的主机密钥的主机,但受到一些限制。 [...] 在所有情况下都会自动验证已知主机的主机密钥。

相关内容