在我的 Mac 上,当我 SSH 到已知主机时,我得到:
Matching host key in /Users/user1/.ssh/known_hosts:5
Are you sure you want to continue connecting (yes/no)?
为什么如果是已知主机,它仍会警告我?它应该只在未知地址时才警告我。我该如何跳过它?
.ssh/config内容:
Host s1
Hostname myserver.website.com
User user1
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
答案1
输入您的配置StrictHostKeyChecking yes,因为您得到的问题来自ask此参数的值(可能是您安装中的默认值)。
这来自源代码的这一部分:
if (options.check_host_ip && host_status != HOST_CHANGED &&
ip_status == HOST_CHANGED) {
snprintf(msg, sizeof(msg),
"Warning: the %s host key for '%.200s' "
"differs from the key for the IP address '%.128s'"
"\nOffending key for IP in %s:%lu",
type, host, ip, ip_found->file, ip_found->line);
if (host_status == HOST_OK) {
len = strlen(msg);
snprintf(msg + len, sizeof(msg) - len,
"\nMatching host key in %s:%lu",
host_found->file, host_found->line);
}
if (options.strict_host_key_checking ==
SSH_STRICT_HOSTKEY_ASK) {
strlcat(msg, "\nAre you sure you want "
"to continue connecting (yes/no)? ", sizeof(msg));
if (!confirm(msg))
goto fail;
这似乎意味着主机密钥没有改变,但其 IP 确实改变了,因此ask在这种情况下系统希望您确认该值。但 IP 地址的改变在正常生活中是可能发生的,如果主机密钥仍然匹配,则应该/可以忽略。
边注:
请勿使用,on因为它将不起作用,您需要yes(off作为别名存在no但on不存在),感谢 Kamil Maciorowski 的仔细审查。