SSH login warning (WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!)

Posted by Federico on 2017-05-26

While configuring passwordless SSH access from my local machine to a Docker container, the following error appeared:

# federico @ linux in ~ [18:35:52] C:127
$ sudo ssh-copy-id -i .ssh/id_rsa.pub 'root@172.18.0.2'
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:26
ERROR: remove with:
ERROR: ssh-keygen -f "/root/.ssh/known_hosts" -R 172.18.0.2
ERROR: ECDSA host key for 172.18.0.2 has changed and you have requested strict checking.
ERROR: Host key verification failed.

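After this error appeared, I went straight into the .ssh/ directory under the user's home directory inside the Docker container, created an authorized_keys file there and added my host machine's public key to it, but the following error appeared while connecting: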

$ ssh root@172.18.0.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Please contact your system administrator.
Add correct host key in /home/federico/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/federico/.ssh/known_hosts:26
remove with:
ssh-keygen -f "/home/federico/.ssh/known_hosts" -R 172.18.0.2
ECDSA host key for 172.18.0.2 has changed and you have requested strict checking.
Host key verification failed.

Cause of this problem and how to resolve it:

Cause:

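ssh records the public key of every computer you have accessed in ~/.ssh/known_hosts. The next time you access the same computer, OpenSSH checks the public key. If the public key differs, OpenSSH issues a warning to protect you from attacks such as DNS hijacking. My operation triggered the warning above because one of my earlier Docker containers had used this IP and had been set up for SSH key login. In real work, if machines are frequently taken offline and brought back online while the private IPs we use stay the same, the same situation is very likely to occur.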

Solutions:

1. Manually delete or edit the contents of known_hosts;
2. Edit the configuration file "~/.ssh/config", add these two lines, and restart the server.
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null

# federico @ linux in ~/.ssh [18:43:17]
$ > known_hosts

# federico @ linux in ~/.ssh [18:45:09] C:130
$ cat known_hosts

Simply emptying the list of known hosts is enough.

# federico @ linux in ~ [18:55:00] C:1
$ ssh root@172.18.0.2
The authenticity of host '172.18.0.2 (172.18.0.2)' can't be established.
ECDSA key fingerprint is SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.18.0.2' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-77-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@abd203cd27ba:~#

Problem solved; we can now connect successfully.
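An added example, not part of the original post: a narrower alternative to emptying known_hosts that removes only the stale entries for 172.18.0.2 (plain or hashed) and pins the new key only when its fingerprint matches one obtained out of band, so the pinned keys of every other host survive. The function names, build.example.test, the salt and the key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 host-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(hosts_field, host):
    """True if a known_hosts host field names `host` (plain or HashKnownHosts form)."""
    if hosts_field.startswith("|1|"):
        _, _, salt, mac = hosts_field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in hosts_field.split(",")  # wildcard patterns are not expanded here

def replace_host_key(text, host, new_line, expected_fp):
    """Drop only `host`'s stale entries and pin new_line, provided its
    fingerprint equals expected_fp (obtained out of band)."""
    if fingerprint(new_line.split()[2]) != expected_fp:
        raise ValueError("fingerprint mismatch: not trusting the offered host key")
    kept = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].startswith("@"):   # @cert-authority / @revoked marker
            parts = parts[1:]
        if parts and not line.startswith("#") and names_host(parts[0], host):
            continue                              # stale entry for this host only
        kept.append(line)
    return "\n".join(kept + [new_line]) + "\n"

def b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample data: the key blobs are placeholders, not real ECDSA keys.
HOST = "172.18.0.2"
OLD, NEW, OTHER = b64(b"constructed old key"), b64(b"constructed new key"), b64(b"constructed other key")
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (b64(SALT), b64(hmac.new(SALT, HOST.encode(), hashlib.sha1).digest()))
KNOWN_HOSTS = "\n".join([
    "build.example.test ecdsa-sha2-nistp256 " + OTHER,
    HOST + " ecdsa-sha2-nistp256 " + OLD,
    HASHED + " ecdsa-sha2-nistp256 " + OLD,
]) + "\n"
NEW_LINE = HOST + " ecdsa-sha2-nistp256 " + NEW

if __name__ == "__main__":
    print(replace_host_key(KNOWN_HOSTS, HOST, NEW_LINE, fingerprint(NEW)))
```

For a container, the expected fingerprint can be read from the container's own host key file rather than from the network connection being verified. This keeps StrictHostKeyChecking enabled.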

Note: text with a red background is the commands typed in; text with a blue background is the output.

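I am a beginner and always keep a sense of awe toward technology. If there are any mistakes, I would be very grateful if knowledgeable readers pointed them out!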

 
