第一次登入的情況
[root@xx1 ~]# ssh 1.1.1.1
The authenticity of host ‘1.1.1.1 (1.1.1.1)’ can’t be established.
RSA key fingerprint is 5d:72:df:77:24:a9:80:e6:d1:23:68:4f:d9:42:6b:44.
Are you sure you want to continue connecting (yes/no)?
第二次登入,但已是不同key了的情況
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
e1:9b:5c:16:a6:cd:11:10:3a:cd:1b:a2:16:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 1.1.1.1 has changed and you have requested strict checking.
Host key verification failed.
第一個是我要打yes後才可以登入,
第二個是我要先進 /root/.ssh/known_hosts 去刪除第一行後,重新yes後才可以登入
很麻煩
會很麻煩的原因是,假如我今天管理一台以上的主機,且key變動的頻率可能不低的時後,就可想而知了
所以可以使用
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [email protected]
來忽略 key的檢查,known_hosts裡也不會有記錄
不過還是要移除 .ssh/known_hosts裡已是不對的key才好,為了安全性
ssh-keygen -R 1.1.1.1
ref: http://www.cyberciti.biz/faq/linux-appleosx-howto-disable-ssh-host-key-checking/
留言