无法从 ansible ssh 到远程主机

无法从 ansible ssh 到远程主机

我正在尝试在远程主机上运行 ansible 剧本。但登录的第一步没有发生。尝试了以下操作:

  • 使用远程主机凭据更新了 ansible/hosts 文件
  • 添加 host_key_checking=false
  • 在 sshd_config 文件中,我已设置 ChallengeResponseAuthentication =yes(并重新启动了 ssh)
  • Ansible 版本是 2.3

输出:

fatal: [10.236.155.69]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: 
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is\n47:0a:1a:05:f2:49:1e:cc:99:2a:47:d8:67:4f:4c:2e.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /root/.ssh/known_hosts:2
      remove with: ssh-keygen -f \"/root/.ssh/known_hosts\" -R 10.236.155.69
    Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
    Permission denied (publickey,password,keyboard-interactive).
    ",
    "unreachable": true
}

答案1

如果这是您的主机,您应该从 /root/.ssh/known_hosts 第 2 行删除 SSH 指纹。您可以使用命令删除它:ssh-keygen -f \"/root/.ssh/known_hosts\" -R 10.236.155.69或者使用任何文本编辑器手动执行。这是由于重新安装服务器导致重新生成 SSH 指纹造成的。如果您不对此主机执行任何操作,则可能是安全问题。

相关内容