SSH登录异常(IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!)
错误提示
使用ssh
远程登录提示错误信息:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Z+DiW60VaGGGkO+U7Q3MLXyFsF65PKHoT6KPwdE/p4E.
Please contact your system administrator.
Add correct host key in /home/wujiayi/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/wujiayi/.ssh/known_hosts:6
remove with:
ssh-keygen -f "/home/wujiayi/.ssh/known_hosts" -R 120.24.81.17
ECDSA host key for 120.24.81.17 has changed and you have requested strict checking.
Host key verification failed.
错误原因
ssh
会把你每个你访问过计算机的公钥(public key)都记录在 ~/.ssh/known_hosts
。当下次访问相同计算机时,OpenSSH 会核对公钥。如果公钥不同,OpenSSH 会发出警告, 避免你受到 DNS Hijack 之类的攻击。
一台主机上有多个 Linux 系统,会经常切换,那么这些系统使用同一 ip ,登录过一次后就会把ssh信息记录在本地的 ~/.ssh/known_hsots
文件中,切换该系统后再用ssh访问这台主机就会出现冲突警告,需要手动删除修改 known_hsots
里面对应的 IP 地址的公钥内容。
解决办法
- 手动删除修改known_hsots里面的内容;
修改配置文件
~/.ssh/config
,加上下面两行代码,重启服务器;StrictHostKeyChecking no UserKnownHostsFile /dev/null