禁止ssh連線時的確認提示

babyfengfjx發表於2024-04-29

如何不出現如下提示?

ssh deepin@10.20.9.193
The authenticity of host '10.20.9.193 (10.20.9.193)' can't be established.
ECDSA key fingerprint is SHA256:WGRtppPJg6SAz6/JMkN8LAiy5uFPoBjvIW8h0NNIn/s.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.20.9.193' (ECDSA) to the list of known hosts.
deepin@10.20.9.193's password:    我不想每次都有這個提示改如何設定?

執行策略

  1. 配置SSH客戶端的全域性配置檔案:在本地機器上,找到SSH客戶端的全域性配置檔案(通常位於/etc/ssh/ssh_config或/etc/ssh/config),並新增以下行:

    StrictHostKeyChecking no
UserKnownHostsFile /dev/null

    注意:這將禁用主機金鑰的驗證和記錄,風險是可能無法檢測到主機金鑰的更改。

  2. 使用SSH命令列選項:每次使用SSH命令時,可以新增以下選項來跳過主機金鑰驗證:

    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null deepin@10.20.9.193

    這將在命令列中設定選項,以便在連線時跳過主機金鑰驗證。

修改配置

修改/etc/ssh/ssh_config如下:

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication no
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

相關文章