SSH登录警告（WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!）

Posted 2020-09-20 Federico

在配置本机与docker容器实现ssh无密码访问时出现以下报错

# federico @ linux in ~ [18:35:52] C:127
$ sudo ssh-copy-id -i .ssh/id_rsa.pub ‘[email protected]‘
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:26
ERROR: remove with:
ERROR: ssh-keygen -f "/root/.ssh/known_hosts" -R 172.18.0.2
ERROR: ECDSA host key for 172.18.0.2 has changed and you have requested strict checking.
ERROR: Host key verification failed.

出现此报错后，我直接进入到docker容器中的用户家目录下的.ssh/目录下新建了authorized_keys文件并将我的宿主机公钥添加至此文件，但是连接过程中出现了以下的报错

$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Please contact your system administrator.
Add correct host key in /home/federico/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/federico/.ssh/known_hosts:26
remove with:
ssh-keygen -f "/home/federico/.ssh/known_hosts" -R 172.18.0.2
ECDSA host key for 172.18.0.2 has changed and you have requested strict checking.
Host key verification failed.

出现此问题的原因及解决措施：

原因：

ssh会把你每个你访问过计算机的公钥(public key)都记录在~/.ssh/known_hosts。当下次访问相同计算机时，OpenSSH会核对公钥。如果公钥不同，OpenSSH会发出警告， 避免你受到DNS Hijack之类的攻击，我这次操作之所以会出现以上的报警就是因为我的以前的docker容器使用过这个ip并且设置过ssh通过秘钥登录，在实际工作中如果频繁的下线上线机器，而我们使用的私有ip一致很有可能出现同样的情况。

解决措施：

1. 手动删除修改known_hsots里面的内容；
2. 修改配置文件“~/.ssh/config”，加上这两行，重启服务器。
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null

# federico @ linux in ~/.ssh [18:43:17]
$ > known_hosts

# federico @ linux in ~/.ssh [18:45:09] C:130
$ cat known_hosts

清空认证列表即可

# federico @ linux in ~ [18:55:00] C:1
$ ssh [email protected]
The authenticity of host ‘172.18.0.2 (172.18.0.2)‘ can‘t be established.
ECDSA key fingerprint is SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.18.0.2‘ (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-77-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

[email protected]:~#

问题解决，现在我们可以成功连接

注释：背景为红色的字体为输入的命令，背景为蓝色的字体为输出信息。