之前通過SSH遠程一台機器(起個名字:cc),某一天把cc重裝了一下系統,再SSH時顯示密鑰驗證失敗:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is 1e:10:25:81:de:bc:74:92:08:51:ff:ab:49:8d:69:39. Please contact your system administrator. Add correct host key in /home/username/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/username/.ssh/known_hosts:6 remove with: ssh-keygen -f "/home/username/.ssh/known_hosts" -R ***.***.***. ECDSA host key for ***.***.***.*** has changed and you have requested strict checking.*** Host key verification failed.
當client通過ssh連接server時,會把server的信息保存在自己家目錄下的.ssh/known_hosts文件里。如果server被重裝或者被替換(IP沒變),server的信息肯定就改變了,與之前known_hosts里的信息不一致,從而導致密鑰認證失敗。
解決方法也很簡單,根據上面的提示信息,server的信息在/home/username/.ssh/known_hosts:6,直接把known_hosts里server的信息刪掉即可。命令也給出來了:
ssh-keygen -f "/username/username/.ssh/known_hosts" -R ***.***.***.
(該命令會生成known_hosts.old,即原文件的備份)。
再次連接時就會給出主機新的ECDSA key。
感興趣的可以看看SSH的原理