How to properly remove old ssh keys

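I have a script that dynamically creates Amazon EC2 instances and adds their ssh keys to my ~/.ssh/known_hosts. However, whenever I need to refresh an instance by terminating and recreating it, I get an annoying warning message like this: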

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
<fingerprint>.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:94
  remove with: ssh-keygen -f "~/.ssh/known_hosts" -R <hostname>
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

This warning is understandable, but even if I run that command to remove the old key, a warning is still displayed when I log in:

Warning: Permanently added '<hostname>' (ECDSA) to the list of known hosts.
Warning: the ECDSA host key for '<hostname>' differs from the key for the IP address '<ip>'
Offending key for IP in ~/.ssh/known_hosts:96

The solution is to manually delete that line from my known_hosts, but is there a way to do this automatically by running a single command beforehand?

Answer 1

From man ssh-keygen (SSH-KEYGEN(1)):

 -R hostname
         Removes all keys belonging to hostname from a known_hosts file.  This option is useful to
         delete hashed hosts (see the -H option above).

Try this:

ssh-keygen -R hostname [-f known_hosts_file]
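
Added example, not part of the answer above and not OpenSSH's own code: the two warnings in the question point at separate known_hosts entries (line 94 for the hostname, line 96 for the IP), so both names have to be removed. This Python sketch re-implements that removal for plain and hashed (-H) entries; the host names, salt and key blobs are constructed sample values.

```python
import base64, hashlib, hmac

def hash_host(name, salt):
    """Build the '|1|salt|mac' host field that the -H option stores (HMAC-SHA1)."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, name):
    """True if a known_hosts host field names `name`, plain or hashed.
    Simplification (assumption): exact names only; wildcard patterns are left alone."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(name, salt))
    return name in field.split(",")

def remove_hosts(text, names):
    """Return (remaining_text, removed_line_numbers) after dropping entries for `names`."""
    kept, removed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            # Lines may start with a marker such as @cert-authority or @revoked.
            marked = fields[0].startswith("@") and len(fields) > 1
            hosts = fields[1] if marked else fields[0]
            if any(host_matches(hosts, n) for n in names):
                removed.append(lineno)
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed

# Constructed sample file: hostname stored in plain form, its IP stored hashed.
HOST, IP = "ec2-host.example", "203.0.113.10"
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    "other.example ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_KEY_0",
    HOST + " ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_KEY_1",
    hash_host(IP, b"constructed-salt-20b") + " ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_KEY_1",
]) + "\n"

if __name__ == "__main__":
    # Removing only the hostname leaves the IP entry behind (the second warning).
    print(remove_hosts(SAMPLE, [HOST])[1])
    # Removing both names clears every stale entry for the recreated instance.
    print(remove_hosts(SAMPLE, [HOST, IP])[1])
```
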
