Host key verification failed.#015

I am trying to execute a script on a remote machine. Let's call it (Secondary). For simplicity, the script is as follows:

#!/bin/bash

echo "This is the Remote Machine (Secondary)" > /tmp/test.txt
echo "---------------------------------------------------" >> /tmp/test.txt
echo "Test.sh scandir = $scandir" >> /tmp/test.txt
echo "Test.sh tmpdir = $tmpdir" >> /tmp/test.txt
echo "Test.sh CurrentDir = $CurrentDir" >> /tmp/test.txt
echo "---------------------------------------------------" >> /tmp/test.txt

I can execute it remotely from the primary machine with the following command.

ssh <username>@192.168.1.20 'screen -S TestProcess -d -m ./test.sh'

And the script runs as expected.

However, when the script is executed automatically from a system process, I get the following error.

Feb 21 06:20:23 Primary test.sh: Host key verification failed.#015

I have generated the ssh keys and copied them.

ssh-keygen -R 192.168.1.20
ssh-copy-id <username>@192.168.1.20

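What could be the problem?

Answer 1

Note that this is about the host key, i.e. how your client knows it is contacting the correct server. It has nothing to do with the key generated by ssh-keygen, which the server uses to authenticate the user.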

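"Host key verification failed" means that the client previously recorded the host's public key, but the public key has changed since then. This could be due to an attack, a reinstallation of the server, or a change in the server's IP address or host name. Saved host keys are stored per account, which would explain why it works from your account but not from the "system process" (which presumably runs as a different user). To fix this, run ssh-keygen -R 192.168.1.20 as the user that runs the system process. Then run ssh [email protected] true once as that system user and enter "yes" when prompted, to record the current host key.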

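It is also possible that you have the StrictHostKeyChecking option enabled, or that ssh cannot prompt you to confirm the host key the first time and therefore fails. There would be another message before "Host key verification failed" indicating this. Either way, as before, record the current host key by running ssh [email protected] true once as that system user and entering "yes" when prompted. The key will be stored in the file .ssh/known_hosts under the user's home directory.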
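Added example, not part of the original answer: a small Python sketch of the per-account lookup described above, run against three constructed known_hosts files (one with the current key, one empty as for a user that never connected, one holding an old key). The function names and the key blobs are assumptions made for illustration, and host matching is simplified (no wildcards, no [host]:port entries).

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build the hashed host field OpenSSH writes when HashKnownHosts is on."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1| hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # simplification: no wildcards or [host]:port

def check_host_key(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key the server presents."""
    verdict = "unknown"          # nothing recorded: ssh would have to prompt
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue             # skip blanks, comments and @marker lines
        if not host_matches(fields[0], host) or fields[1] != keytype:
            continue
        if fields[2] == key_b64:
            return "match"       # recorded key equals presented key
        verdict = "changed"      # same host and key type, different key
    return verdict

# Constructed sample data: the key blobs are placeholders, not real keys.
HOST = "192.168.1.20"
CURRENT_KEY = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTEDCURRENT"
OLD_KEY = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTEDOLD"
PI_KNOWN_HOSTS = "%s ssh-rsa %s\n" % (hash_host(HOST, b"constructed-salt-000"),
                                      CURRENT_KEY)
ROOT_KNOWN_HOSTS = ""            # this account never connected to the host
STALE_KNOWN_HOSTS = "# before reinstall\n%s ssh-rsa %s\n" % (HOST, OLD_KEY)

if __name__ == "__main__":
    for user, text in [("pi", PI_KNOWN_HOSTS), ("root", ROOT_KNOWN_HOSTS),
                       ("stale", STALE_KNOWN_HOSTS)]:
        print(user, check_host_key(text, HOST, "ssh-rsa", CURRENT_KEY))
```

Only "match" lets a non-interactive run proceed: "unknown" needs a prompt that a process without a terminal cannot answer, and "changed" is refused until the old entry is removed.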

Answer 2

I think I figured it out. Checking the ssh log for the automated script showed

Feb 22 23:46:02 PiScanner scan.sh: debug1: Connecting to 192.168.1.20 [192.168.1.20] port 22.#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: Connection established.#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: permanently_set_uid: 0/0#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: identity file /root/.ssh/id_rsa type 1#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: **identity file /root/.ssh/id_rsa-cert type -1#015**
Feb 22 23:46:02 PiScanner scan.sh: debug1: identity file /root/.ssh/id_dsa type -1#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: identity file /root/.ssh/id_dsa-cert type -1#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: identity file /root/.ssh/id_ecdsa type -1#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: identity file /root/.ssh/id_ecdsa-cert type -1#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2#015
Feb 22 23:46:02 PiScanner scan.sh: debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*#015

The log for the user I generated the keys as has

    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
    debug1: identity file /home/pi/.ssh/id_dsa type -1
    debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
    debug1: identity file /home/pi/.ssh/id_ecdsa type -1
    debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2

I copied the keys generated as the root user (the ~/.ssh directory after running sudo -i).

https://askubuntu.com/questions/497895/permission-denied-for-rootlocalhost-for-ssh-connection

PermitRootLogin yes in the ssh_config file did not work for me, and did generate other errors.
