

How to establish an ssh key pair when "Host key verification failed"


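Problem description

I have set up ssh key pairs between my desktop and two servers, and from the servers to my desktop, but after reinstalling the OS on my desktop I cannot re-establish the key pair going into my desktop by doing this: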

mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t 
ssh-copy-id username@server

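I receive the following error:

(Names in italics have been changed to protect the innocent. My desktop is Ubuntu, and I couldn't find the answer here)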

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ab:cd:ef:gh
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for user.server has changed and you have requested strict checking.
Host key verification failed.

Best solution

ssh-keygen -R hostname

This will remove the offending key from known_hosts.

The man page entry reads:

-R hostname Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).

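Second-best solution

Most likely, the remote host ip or ip_alias is not in the ~/.ssh/known_hosts file. You can use the following command to add the host name to the known_hosts file.

$ ssh-keyscan -H -t rsa ip_or_ipalias >> ~/.ssh/known_hosts

Also, I wrote the following script to check whether a particular ip or ipalias is in the known_hosts file.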

#!/bin/bash
# Jason Xiong: Dec 2013
# The ip or ipalias stored in the known_hosts file is hashed and
# is not human readable. This script checks whether the supplied ip
# or ipalias exists in the ~/.ssh/known_hosts file.

if [[ $# != 2 ]]; then
   echo "Usage: ./search_known_hosts -i ip_or_ipalias"
   exit 1
fi
ip_or_alias=$2
known_host_file=/home/user/.ssh/known_hosts
entry=1

# Hashed entries look like: |1|<base64 salt>|<base64 HMAC-SHA1(salt, host)> keytype key
while read -r line; do
  if [[ -z "$line" ]]; then
    continue
  fi
  hash_type=$(echo "$line" | sed -e 's/|/ /g' | awk '{print $1}')
  key=$(echo "$line" | sed -e 's/|/ /g' | awk '{print $2}')
  stored_value=$(echo "$line" | sed -e 's/|/ /g' | awk '{print $3}')
  if [[ $hash_type = 1 ]]; then
     # The salt is the HMAC key; openssl expects it as hex
     hex_key=$(echo "$key" | base64 -d | xxd -p)
     # Take the last field so the "(stdin)= " prefix length does not matter
     gen_value=$(echo -n "$ip_or_alias" | openssl sha1 -mac HMAC \
         -macopt hexkey:"$hex_key" | awk '{print $NF}' | xxd -r -p | base64)
     if [[ "$gen_value" = "$stored_value" ]]; then
       echo "$gen_value"
       echo "Found match in known_hosts file : entry#$entry !!!!"
     fi
  else
     echo "unknown hash_type"
  fi
  entry=$((entry + 1))
done < "$known_host_file"
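
The lookup the script above performs, combined with a fingerprint comparison, as an added Python example that is not part of the original answers: it finds the known_hosts entries for a host (hashed or plain) and reports whether each stored key matches a fingerprint obtained out of band, which is the check to make before deleting an entry after this warning. The host names, key blobs and TRUSTED_FP are constructed, and plain entries are matched as literal names only.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build the hashed host field `ssh-keyscan -H` writes: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(host_field, host):
    """True if the first field of a known_hosts line names `host`."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    # Plain entries: literal comma-separated names only (no wildcards or [host]:port)
    return host in host_field.split(",")

def sha256_fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the format `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(lines, host, trusted_fp):
    """Return [(line_no, 'match' | 'MISMATCH')] for every entry naming `host`."""
    results = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            same = sha256_fingerprint(fields[2]) == trusted_fp
            results.append((n, "match" if same else "MISMATCH"))
    return results

# Constructed sample data: the blobs are placeholders, not real host keys
OLD_KEY = base64.b64encode(b"constructed-old-host-key").decode()
NEW_KEY = base64.b64encode(b"constructed-new-host-key").decode()
SAMPLE = [
    hash_host("server.example", b"0123456789abcdefghij") + " ssh-rsa " + OLD_KEY,
    "other.example,192.0.2.7 ssh-rsa " + NEW_KEY,
]
# Assumption: this fingerprint was read on the server itself, not over the network
TRUSTED_FP = sha256_fingerprint(NEW_KEY)

if __name__ == "__main__":
    print(check_host(SAMPLE, "server.example", TRUSTED_FP))
    print(check_host(SAMPLE, "other.example", TRUSTED_FP))
```

A MISMATCH line is a stale entry that is safe to drop with ssh-keygen -R only when the trusted fingerprint really came from the server's console or administrator.
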

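Third solution

If you are sure the server is the right one, sed -i 1d ~/.ssh/known_hosts will delete line 1 of your local ~/.ssh/known_hosts. The next time you connect, the new correct key will be added to the file.

Fourth method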

Step 1: $ Bhargava.ssh#

ssh-keygen -R 199.95.30.220

Step 2: $ Bhargava.ssh#

ssh-copy-id hostname@199.95.30.220

          Enter the password.........

Step 3: Bhargava.ssh#

ssh hostname@199.95.30.220

Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-68-generic x86_64)

 * Documentation: https://help.ubuntu.com/

Ubuntu 14.04.3 LTS server : 228839 ip : 199.95.30.220 hostname : qt.example.com

System information as of Thu Mar 24 02:13:43 EDT 2016

System load:    0.67                 Processes:              321
Usage of /home: 5.1% of 497.80GB     Users logged in:        0
Memory usage:   53%                  IP address for eth0:    199.95.30.220
Swap usage:     16%                  IP address for docker0: 172.17.0.1

Graph this data and manage this system at:
  https://landscape.canonical.com/

Last login: Wed Mar 23 02:07:29 2016 from 103.200.41.50

hostname@QT:~$

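Fifth method

Sometimes this also happens when working on a serial console; checking the above command in verbose mode (-v) then shows that /dev/tty does not exist, while it does exist.

In the above case, just remove /dev/tty and create a symlink of /dev/ttyS0 at /dev/tty.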

This article was compiled by Ubuntu Q&A (Ubuntu问答); post URL: https://ubuntuqa.com/article/6693.html. Do not reproduce without permission.