今天,我尝试通过 SSH 连接到我的远程 Ubuntu 20.04 LTS 服务器并遇到此消息 – 警告:远程主机标识已更改!.
$ ssh [email protected]
样本输出:
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:K/jEKNQCYYOilJxOZc7qAWlu4xu0nW+MD09DfJL7+gc. Please contact your system administrator. Add correct host key in /home/sk/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/sk/.ssh/known_hosts:11 remove with: ssh-keygen -f "/home/sk/.ssh/known_hosts" -R "192.168.225.52" ECDSA host key for 192.168.225.52 has changed and you have requested strict checking. Host key verification failed.
错误 – 警告远程主机标识已更改
这实际上不是错误消息。 这只是一个安全通知,表明给定远程系统的 ECDSA 主机密钥自您上次连接以来已更改。 您可能已经知道,当我们第一次通过 SSH 从本地系统访问远程系统时,该远程主机发送的 ECDSA 密钥的指纹被缓存并存储在 $HOME/.ssh/known_hosts 我们本地系统中的文件。
当您重新安装远程系统或为多个远程系统分配相同的 IP 地址后身份(指纹)发生变化时,会显示上述警告消息。
修复 Linux 中的“警告:远程主机标识已更改”错误
要解决此问题,只需使用以下命令删除本地系统上 IP 地址的缓存密钥:
$ ssh-keygen -R 192.168.225.52
样本输出:
# Host 192.168.225.52 found: line 11 /home/sk/.ssh/known_hosts updated. Original contents retained as /home/sk/.ssh/known_hosts.old
修复 Linux 中的“警告:远程主机标识已更改”错误
您还可以使用显式指定 known_hosts 文件的路径 -F 像下面这样的标志。
$ ssh-keygen -f "/home/sk/.ssh/known_hosts" -R "192.168.225.52"
上述命令将删除属于远程主机的所有密钥 known_hosts 本地系统的文件。 还有旧的内容 known_hosts 文件将保留在名为“known_hosts.old”。
如果您使用不同的 SSH 端口,则需要明确提及,如下所示:
$ ssh-keygen -R 192.168.225.52:1234
这里,1234 是 SSH 端口号。 将其替换为您的实际 SSH 端口号。
删除密钥后,再次尝试使用以下命令通过 SSH 连接到远程系统:
$ ssh [email protected]
键入“yes”并按 ENTER 以在本地系统中添加远程主机密钥:
The authenticity of host '192.168.225.52 (192.168.225.52)' can't be established. ECDSA key fingerprint is SHA256:K/jEKNQCYYOilJxOZc7qAWlu4xu0nW+MD09DfJL7+gc. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.225.52' (ECDSA) to the list of known hosts. [email protected]'s password:
现在您可以通过 SSH 访问远程系统。
