我在连接 ssh 主机时遇到问题。我不断在详细模式下收到此消息:
OpenSSH_7.2p2, LibreSSL 2.4.1
debug1: Reading configuration data /Users/me/.ssh/config
debug1: /Users/me/.ssh/config line 4: Applying options for *.ta.local
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to <host_name> [<host_ip>] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/me/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to >host_ip>:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+Wl92PcQ6xQSAtNdxvAeBWExxDXl6NM0M4i6dUEvVA0
The authenticity of host '<host_name> (<host_ip>)' can't be established.
ECDSA key fingerprint is SHA256:+Wl92PcQ6xQSAtNdxvAeBWExxDXl6NM0M4i6dUEvVA0.
Are you sure you want to continue connecting (yes/no)?
Host key verification failed.
仅供参考:在粘贴的跟踪中,我替换了用户名、主机和 IP......以防有人感到困惑。
这是我的 ssh_config:
Host *
SendEnv LANG LC_*
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
我读到了很多关于主机密钥可能自上次登录以来发生变化的信息。因此,我已经尝试删除 known_hosts 文件中的条目,但无论使用哪个 ssh 服务器,仍然会收到该错误。
知道我可能犯了什么错误吗?
更多信息:我最近将 mac os 更新到了 sierra。也许这有关系。
答案1
你可能知道,更改指纹可能意味着你正在遭受中间人攻击,所以首先要记住这一点
。什么是 SSH 密钥指纹以及如何生成它?:
指纹基于主机的公钥,通常基于“/etc/ssh/ssh_host_rsa_key.pub”通常用于轻松识别/验证您所连接的主机。
如果指纹发生变化,则表明您连接的计算机已更改其公钥。这可能不是坏事(重新安装 ssh 时会发生这种情况),但也可能表明您正在连接到同一域/IP 上的另一台计算机(当您通过负载平衡器等连接时会发生这种情况)或您正受到中间人攻击,攻击者以某种方式拦截/重新路由您的 ssh 连接以连接到可能正在窥探您的用户/密码的其他主机。
因此,如果您现在确定服务器是安全的,我建议手动连接并接受新的指纹,因为这似乎是解决您的问题的最简单的方法。