300字范文 > ssh连接报错“WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED“问题原因及解决方法

ssh连接报错“WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED“问题原因及解决方法

时间：2019-04-06 11:49:50

一、问题描述

用Ansible的ping模块测试主机连通性时，第一次ping过主机192.168.18.80，但该主机有点问题，将它下线，换了一台新的替换它，然后再次ping 192.168.18.80时，出现如下所示的错误信息

[root@server ~]# ansible all -m ping192.168.18.80 | UNREACHABLE! => {"changed": false,"msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:zbEO7l6AqnhvNiZvVoy5KcYGHrn10CJw0ul169LeyHU.\r\nPlease contact your system administrator.\r\nAdd correct host key in /root/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /root/.ssh/known_hosts:2\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nroot@192.168.18.80: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).","unreachable": true}

用ssh远程连接时，则出现如下所示错误

[root@server ~]# ssh 192.168.18.80@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!Someone could be eavesdropping on you right now (man-in-the-middle attack)!It is also possible that a host key has just been changed.The fingerprint for the ECDSA key sent by the remote host isSHA256:zbEO7l6AqnhvNiZvVoy5KcYGHrn10CJw0ul169LeyHU.Please contact your system administrator.Add correct host key in /root/.ssh/known_hosts to get rid of this message.Offending ECDSA key in /root/.ssh/known_hosts:2ECDSA host key for 192.168.18.80 has changed and you have requested strict checking.Host key verification failed.

二、问题原因

前后两个错误均提示host key has just been changed和REMOTE HOST IDENTIFICATION HAS CHANGED!

中文意思就是远程主机标识已更改。

SSH远程连接主机的标识默认保存在~/.ssh/known_hosts 中，每次访问时都会到此处对比主机标识是否相同，若不相同，则提示错误或警告，目的是防止中间人攻击。

三、解决办法

删除~/.ssh/known_hosts 中对应IP所在行的信息即可，如下图所示

[root@server ~]# vim ~/.ssh/known_hosts192.168.18.99 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGEsej5rHzUx+GX65oiHKfOqDqFP2OdNhb0i80Hns0b2TObWTQMvscKjaryuh2oZbq+Esekhn98HXDNc30aEjzA=192.168.18.199 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHhaJ4VDE3HxK1AcsHNac4MTjv4IUauTLazQDwgh6lhCIt0qN5Zjj0+rh+isAZYOXdBp4S8K5p/YkTXalmU0CHQ=192.168.18.80 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHKpwuBsqrI1ogpSvLkJKJpKcXIO49sJJH3gJmykHWOp3cqfekCpXIppiEzhKslxgFEmd971DILXrpPguDEQ3UE=

本内容不代表本网观点和政治立场，如有侵犯你的权益请联系我们处理。

网友评论

网友评论仅供其表达个人看法，并不表明网站立场。