如何管理 ssh/config 中仅端口不同的多个“localhost”条目

如何管理 ssh/config 中仅端口不同的多个“localhost”条目

因此,我在一个 ssh 极其受限的环境中操作。我做任何事情最简单的方法都是通过 aws 会话管理器上的隧道来引导 ssh。

以下是示例配置

Host *
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_ed25519

Host thetaone
  HostName localhost
  User ssm-user
  LocalForward 11000 localhost:22
  LocalForward 5800 localhost:5800
  ProxyCommand aws ssm start-session --profile thetaone --target i-xxxxxx --document-name AWS-StartSSHSession
Host prod
  HostName localhost
  User myuser
  LocalForward 12000 localhost:22
  ProxyCommand aws ssm start-session --target i-yyyyy  --profile prod --document-name AWS-StartSSHSession
Host github.com
  HostName localhost
Host dev
  HostName localhost
  User myuser
  LocalForward 10000 localhost:22
  ProxyCommand aws ssm start-session --target i-zzzz   --profile dev --document-name AWS-StartSSHSession
Host sb
  HostName foo.bar.org
  User someuser
  ProxyJump thetaone

但是,如果我运行: ssh prod 然后稍后 ssh dev

我收到一个错误:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:ceTPAuYIJfG++YZ8Si4oyxDSekKnAsKmL64cPP8sXRI.
Please contact your system administrator.
Add correct host key in /Users/myuser/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/myuser/.ssh/known_hosts:19
Host key for localhost has changed and you have requested strict checking.
Host key verification failed.

那么,我如何才能有效地告诉 ssh,“主机”定义实际上是“主机:端口”——或者,也许有一种完全不同的机制来解决这个问题。显然我可以编辑 allowed_hosts 文件,但我想要一些无缝的东西

答案1

AHostKeyAlias应该有帮助。

Host dev
  HostName localhost
  HostKeyAlias localhost-dev
Host prod
  HostName localhost
  HostKeyAlias localhost-prod

相关内容