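host_a is macOS
host_b is Ubuntu
host_b is in known_hosts on host_a
host_a is not in known_hosts on host_b
For brevity I changed the fingerprints and trimmed some of the output, but other than that, this is the sequence of events.
At fairly random times, I try to ssh to host_b (which is in known_hosts) and get the remote host warning.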
me@host_a:~ $ ssh host_b
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:9rxxxxxxxxxxxxxxxxxxxxxxxxxNI.
Please contact your system administrator.
Add correct host key in /Users/me/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/me/.ssh/known_hosts:6
Host key for host_b has changed and you have requested strict checking.
Host key verification failed.
Then I immediately tried again, and it worked:
me@host_a:~ $ ssh host_b
Last login: Sat Feb 11 11:49:59 2023 from 10.0.1.50
me@host_b:~$
Then I tried to ssh back to host_a (unknown)
me@host_b:~$ ssh host_a
The authenticity of host 'host_a (10.0.1.50)' can't be established.
ED25519 key fingerprint is SHA256:9rxxxxxxxxxxxxxxxxxxxxxxxxxNI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
me@host_b:~$ exit
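Strangely, the host_a fingerprint is the same as the fingerprint host_b identified itself with on the first attempt.
Back on host_a I tried checking the fingerprints: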
me@host_a:~ $ ssh-keyscan host_b | ssh-keygen -lf -
...
256 SHA256:7gxxxxxxxxxxxxxxxxxxxxxxxxxOA host_b (ED25519)
...
me@host_a:~ $ ssh-keyscan host_a | ssh-keygen -lf -
...
256 SHA256:9rxxxxxxxxxxxxxxxxxxxxxxxxxNI host_a (ED25519)
...
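Running ssh-keyscan against localhost or 127.0.0.1 (rather than host_a) yields the same fingerprint.
This only happens randomly: if I haven't ssh'd to host_b for about 10-15 minutes, then on the first attempt I get the warning that the remote host's fingerprint doesn't match (and it is always the actual host_a's fingerprint!)
I'm fairly confident there is nothing malicious happening on my home network, but what could be causing this?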