我在检查主机密钥时遇到了这种奇怪的情况。ssh -v github.com
:
- 在 MacOS Mojave (10.14.5 (18F132)) 上与“OpenSSH_7.9p1、LibreSSL 2.7.3”兼容:
然后我被要求输入密码。debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 debug1: Host 'github.com' is known and matches the RSA host key. debug1: Found key in /Users/dominik/.ssh/known_hosts:1
- 做不是在 Docker 镜像上使用“OpenSSH_7.9p1 Debian-10,OpenSSL 1.1.1c 28 May 2019”
debian:buster-20190708
:debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 The authenticity of host 'github.com (140.82.118.4)' can't be established. RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8. Are you sure you want to continue connecting (yes/no)?
我的~/.ssh/known_hosts
文件:
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
我使用的Docker命令是:
docker run --rm -it -v ~/.ssh/:/root/.ssh/ debian:buster-20190708 sh -c 'apt-get update && apt-get install -y ssh && ssh -v github.com'
答案1
我找到了答案:
运行ssh-keyscan -H
@notStan 在他的评论中提到,在主机上。它会对 中的所有主机名进行哈希处理known_hosts
(原始主机名备份在 中known_hosts.old
)。
Debian 的默认 OpenSSH 配置/etc/ssh/ssh_config
设置了选项HashKnownHosts yes
. 那么在这种情况下,它似乎无法读取未散列的主机名github.com
。