我正在运行一项ansible
任务,但这更是一个ssh
问题;
我执行rsync
命令(从我的localhost
到vagrant
机器)如下:
command: "rsync -zaP -e 'ssh -p {{ ansible_port }} -o StrictHostKeyChecking=no' {{ temp_build_directory }}/artifacts.tar.gz {{ rsync_remote_user }}@{{ ansible_host }}:/tmp"
尽管我明确禁用了主机密钥检查,但在某些时候我收到了以下错误:
TASK [send_artifacts : Transfer Artifacts --> Transfer tarball to deployment targets] ***
fatal: [vagrant -> localhost]: FAILED! => changed=true
cmd:
- rsync
- -zaP
- -e
- ssh -p 2222 -o StrictHostKeyChecking=no
- /tmp/mdr-700263/artifacts.tar.gz
- [email protected]:/tmp
delta: '0:00:00.351747'
end: '2018-10-18 12:04:52.350948'
msg: non-zero return code
rc: 23
start: '2018-10-18 12:04:51.999201'
stderr: |-
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:8r8mZHkCiXJBAu7LeaFsjpa5g2gpQTZzf7RpesOV0QQ.
Please contact your system administrator.
Add correct host key in /home/ansible/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ansible/.ssh/known_hosts:3
remove with:
ssh-keygen -f "/home/ansible/.ssh/known_hosts" -R [127.0.0.1]:2222
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
rsync: link_stat "/tmp/mdr-700263/artifacts.tar.gz" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]
stderr_lines:
这是为什么?
答案1
有一个警告关于ssh
主机密钥的更改。这错误来自rsync
并表示/tmp/mdr-700263/artifacts.tar.gz
在本地计算机上找不到源文件 ( )。这些可能不相关。
您会收到警告,因为无论设置如何,始终都会根据ssh
已知密钥对主机密钥进行验证。known_hosts
StrictHostKeyChecking
从ssh_config
手册中:
StrictHostKeyChecking
[...] 如果此标志设置为“no”或“off”,ssh 将自动将新的主机密钥添加到用户已知的主机文件中,并允许继续连接到具有更改的主机密钥的主机,但受到一些限制。 [...] 在所有情况下都会自动验证已知主机的主机密钥。