在配置本机与docker容器实现ssh无密码访问时出现以下报错
# federico @ linux in ~ [18:35:52] C:127
$ sudo ssh-copy-id -i .ssh/id_rsa.pub 'root@172.18.0.2'
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:26
ERROR: remove with:
ERROR: ssh-keygen -f "/root/.ssh/known_hosts" -R 172.18.0.2
ERROR: ECDSA host key for 172.18.0.2 has changed and you have requested strict checking.
ERROR: Host key verification failed.
出现此报错后,我直接进入到docker容器中的用户家目录下的.ssh/目录下新建了authorized_keys文件并将我的宿主机公钥添加至此文件,但是连接过程中出现了以下的报错
$ ssh root@172.18.0.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Please contact your system administrator.
Add correct host key in /home/federico/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/federico/.ssh/known_hosts:26
remove with:
ssh-keygen -f "/home/federico/.ssh/known_hosts" -R 172.18.0.2
ECDSA host key for 172.18.0.2 has changed and you have requested strict checking.
Host key verification failed.
出现此问题的原因及解决措施:
原因:
ssh会把你每个你访问过计算机的公钥(public key)都记录在~/.ssh/known_hosts。当下次访问相同计算机时,OpenSSH会核对公钥。如果公钥不同,OpenSSH会发出警告, 避免你受到DNS Hijack之类的攻击,我这次操作之所以会出现以上的报警就是因为我的以前的docker容器使用过这个ip并且设置过ssh通过秘钥登录,在实际工作中如果频繁的下线上线机器,而我们使用的私有ip一致很有可能出现同样的情况。
解决措施:
1. 手动删除修改known_hsots里面的内容;
2. 修改配置文件“~/.ssh/config”,加上这两行,重启服务器。
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
# federico @ linux in ~/.ssh [18:43:17]
$ > known_hosts
# federico @ linux in ~/.ssh [18:45:09] C:130
$ cat known_hosts
清空认证列表即可
# federico @ linux in ~ [18:55:00] C:1
$ ssh root@172.18.0.2
The authenticity of host '172.18.0.2 (172.18.0.2)' can't be established.
ECDSA key fingerprint is SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.18.0.2' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-77-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@abd203cd27ba:~#
问题解决,现在我们可以成功连接
注释:背景为红色的字体为输入的命令,背景为蓝色的字体为输出信息。
本人新手,对技术时刻保持着敬畏之心,如有错误望有志之士告知,不胜感激!!!