现象
ssh登录远程服务器时,控制台打印了如下信息:REMOTE HOST IDENTIFICATION HAS CHANGED! .....
场景
已经配置过远程服务器连接,因为服务器系统重做,在连接远程服务器时, 控制台会报如下信息:
# xxx 为~/.ssh/config中配置的连接简称
➜ ~ ssh xxx
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXX.
Please contact your system administrator.
Add correct host key in /Users/XXX/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/XXX/.ssh/known_hosts:12
ECDSA host key for 1XXXXXXXXXX0 has changed and you have requested strict checking.
Host key verification failed.
原因
ssh会把你每个你访问过计算机的公钥(public key)都记录在~/.ssh/known_hosts。当下次访问相同计算机时,OpenSSH会核对公钥。如果公钥不同,OpenSSH会发出警告, 避免你受到DNS Hijack之类的攻击。
解决方案(推荐方案3):
方法一:
rm -rf ~/.ssh/known_hosts
++++++++++++++++++
优点:干净利索
缺点:把其他正确的公钥信息也删除,下次链接要全部重新经过认证
方法二:
vi ~/.ssh/known_hosts
删除对应ip的相关rsa信息(本例可知删除12信息即可)
++++++++++++++++++
优点:其他正确的公钥信息保留
缺点:还要vi,还要找到对应信息,稍微优点繁琐
方法三:
清除旧的公钥信息
# 192... 修改成自己的服务器地址
ssh-keygen -R 192.168.0.100
++++++++++++++++++
优点:快、稳、狠
缺点:没有缺点
