ssh known_hosts file no longer uses host names


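When I SSH to a new machine I run into this strange problem: my known_hosts file gets updated with some kind of hash instead of the host name. As a result, autocompletion does not work when I later try to SSH to the same machine.

For example:

The last two lines of my known_hosts file: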

10.1.x.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN ... the rest of the hash
db03.test.fqdn.com ecdsa-sha2-nistp256 AAAAE2 ... the rest of the hash

I SSH into the box:

#ssh app01.test.fqdn.com
[~]$ ssh app01.test.fqdn.com
The authenticity of host 'app01.test.fqdn.com (10.1.2.92)' can't be established.
ECDSA key fingerprint is SHA256:2zbk+M6WbAwjBbtODTklKDqctO/b2JQgirf4LWGh3jE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'app01.test.fqdn.nl,10.1.x.xx' (ECDSA) to the list of known hosts.
Last login: Tue Feb 15 09:58:51 2022 from 10.1.x.xx

app01:[~]$

My newly updated known_hosts file shows this addition:

10.1.x.xx ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN ... the rest of the hash
db03.test.fqdn.com ecdsa-sha2-nistp256 AAAAE2 ... the rest of the hash
|1|xYTWX7K9utTfitsxMOGbPzw9N1o=|oDRxbbY1125i24iuXy5xuDmrLeo= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYbjef6rxrnsVFFYrgHt05lkWK5R+eXao3Eo4WnYmo/ddzCMhq8S+QPd1EUtwcdGrolzNh8c3HU+NZRX8SSeFs=
|1|ViKCEleTNJ8pFeYaVJBIIYx1TJg=|pq9/mhpijBxbQa8H1NWBhKN3nKU= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYbjef6rxrnsVFFYrgHt05lkWK5R+eXao3Eo4WnYmo/ddzCMhq8S+QPd1EUtwcdGrolzNh8c3HU+NZRX8SSeFs=

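So when I try to reconnect, I can't use tab completion. But I don't know where to look.

Answer 1

As others have commented, with HashKnownHosts yes autocompletion is not possible because the host names are hashed. Add this to the "global" section, using Host * to match all hosts: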

Host *
    HashKnownHosts no

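While this works, it does not meet my needs, because I prefer short names over long names, and in my ~/.ssh/config I use HostName to translate short names into FQDNs. Here is my config: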

Host *
    HashKnownHosts no

Host ns-*
    HostName %h.example.com
    IdentityFile ~/.ssh/%h
    IdentitiesOnly yes

When connecting to ns-host01, the following is added to known_hosts:

ns-host01.example.com,192.16.0.104 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOl4AD310E/7OpWInZvotUO1rshKy/PuljvR9nQmamNPlZaXBneXGaufJ6Ox74AlUVCS3NR3xrgOcea19qq4vIM=

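But this does not help autocompletion, which completes the FQDN. While I could add the short names manually, that is too ... manual. I could not find anything online on how to add the short name along with the long host name and IP to known_hosts. Then I read the manual.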

     -f file
             Read hosts or “addrlist namelist” pairs from file, one per line.  If ‘-’ is supplied instead of a filename, ssh-keyscan
             will read from the standard input.  Input is expected in the format:

             1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4

With that in mind, this

echo "192.16.0.104,ns-host01,ns-host01.example.com" | ssh-keyscan -f - -t ecdsa,ed25519

produces the following, which contains the short host name, the long host name and the IP.

192.16.0.104,ns-host01,ns-host01.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNF+UEbktGXlyYX/t1hvnIvxa+9fB67q15EjBkZUA2EkkTrcvLwASi6np9gqM5dCSpE0CkLeGP75UMFR8LOAgqM=
# 192.16.0.104:22 SSH-2.0-OpenSSH_8.1
192.16.0.104,ns-host01,ns-host01.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMibknxgW6cY7JUsKQEB/i188uS9SLx8JoiMg+YD3n7U

Append that to your known_hosts, and autocompletion now works as expected, stopping at the short host name.
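
Added example (not part of the question or the answer above, and not OpenSSH's own code): the |1|salt|hash host fields shown in the question are an HMAC-SHA1 of one host name keyed with a random salt, so a name can be tested against an entry but never read back out of it, which is why completion finds nothing to offer. The function names and the sample entries are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix OpenSSH writes in front of a hashed host field

def hash_host(name, salt=None):
    """Return |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + "|".join(
        base64.b64encode(part).decode() for part in (salt, digest))

def field_matches(host_field, candidate):
    """True if candidate is named by a known_hosts host field."""
    if not host_field.startswith(HASH_MAGIC):
        # Plain field: comma-separated names (wildcards/negation not handled).
        return candidate in host_field.split(",")
    try:
        salt_b64, digest_b64 = host_field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong number of parts or invalid base64
        return False
    got = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def label_entries(lines, candidates):
    """Map line number -> candidate names that the entry's host field matches."""
    found = {}
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields:
            found[lineno] = [c for c in candidates if field_matches(fields[0], c)]
    return found

# Constructed sample entries; the key blob is a placeholder, not a real key.
KEY = "ssh-ed25519 AAAA-constructed-placeholder"
SAMPLE = [
    hash_host("ns-host01.example.com", b"\x01" * 20) + " " + KEY,
    "192.16.0.104,ns-host01 " + KEY,
]
if __name__ == "__main__":
    print(label_entries(SAMPLE, ["ns-host01", "ns-host01.example.com"]))
```

ssh-keygen -F <hostname> performs the same lookup against a real known_hosts file. Keys collected with ssh-keyscan, as in the answer, are unverified until their fingerprints are compared with ones obtained out of band.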
