由于远程的子机服务器,重新安装过,之前建立的信任机制无法使用,再次ssh 执行scp操作,提示连接操作失败,提示如下:
lost connection
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a8:e5:62:46:78:94:94:16:03:c8:ac:17:fc:ef:39:aa.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:46
RSA host key for 222.186.56.15* has changed and you have requested strict checking.
Host key verification failed.
原因是在主机子系统每次成功ssh连接远程操作,都会把你每个你访问过计算机的公钥(public key)都记录在主机的目录/root/.ssh的known_hosts下,当下次访问相同子机服务器时,会核对公钥。如果公钥不同,会发出警告,避免你受到DNS Hijack之类的攻击。
ssh连接上,提示继续,输入yes,会把连接子机的RSA添加到主机known hosts下,如下:
The authenticity of host '222.186.56.159 (222.186.56.15*)' can't be established.
RSA key fingerprint is a8:e5:62:46:78:94:94:16:03:c8:ac:17:fc:ef:39:aa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '222.186.56.15* (RSA) to the list of known hosts.
解决方式:
cd /root/.ssh
vi known_hosts
找到对应的子机ip的 ssh-rsa 删除该行,退出保存known_hosts,重新执行主机ssh连接子机,通过操作。
另外,建立主机和子机的信任机制操作:
A服务器:/root/.ssh/下
1、ssh-keygen -t rsa
2、cd /root/.shh/目录下
id_rsa为密钥; id_rsa.pub为公钥
// 生成keys
cat id_rsa.pub >authorized_keys
scp B服务器的同目录下,/root/.ssh/ 下,建立A->B的信任,A scp 文件到 B 不需要密码
如果B->A建立信任,同样操作B的文件,生成后,直接追加到keys,再copy到A服务器同目录下。
cat id_rsa.pub >>authorized_keys
把A公钥id_rsa.pub生成key copy到B服务器根目录root/.ssh/下
------摘自 ssh登陆提示"Host key verification failed."的解决方法 - CSDN博客
网友评论