因此,我在一个 ssh 极其受限的环境中操作。我做任何事情最简单的方法都是通过 aws 会话管理器上的隧道来引导 ssh。
以下是示例配置
Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Host thetaone
HostName localhost
User ssm-user
LocalForward 11000 localhost:22
LocalForward 5800 localhost:5800
ProxyCommand aws ssm start-session --profile thetaone --target i-xxxxxx --document-name AWS-StartSSHSession
Host prod
HostName localhost
User myuser
LocalForward 12000 localhost:22
ProxyCommand aws ssm start-session --target i-yyyyy --profile prod --document-name AWS-StartSSHSession
Host github.com
HostName localhost
Host dev
HostName localhost
User myuser
LocalForward 10000 localhost:22
ProxyCommand aws ssm start-session --target i-zzzz --profile dev --document-name AWS-StartSSHSession
Host sb
HostName foo.bar.org
User someuser
ProxyJump thetaone
但是,如果我运行:
ssh prod
然后稍后
ssh dev
我收到一个错误:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:ceTPAuYIJfG++YZ8Si4oyxDSekKnAsKmL64cPP8sXRI.
Please contact your system administrator.
Add correct host key in /Users/myuser/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/myuser/.ssh/known_hosts:19
Host key for localhost has changed and you have requested strict checking.
Host key verification failed.
那么,我如何才能有效地告诉 ssh,“主机”定义实际上是“主机:端口”——或者,也许有一种完全不同的机制来解决这个问题。显然我可以编辑 allowed_hosts 文件,但我想要一些无缝的东西
答案1
AHostKeyAlias应该有帮助。
Host dev
HostName localhost
HostKeyAlias localhost-dev
Host prod
HostName localhost
HostKeyAlias localhost-prod