更新 known_host 內容
當你使用ssh用戶端登入IP或網域名稱,發生如下的警告而無法登入:
[danny@lab-p5e-vm ~]$ ssh root@192.168.9.86
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:ifadanbrGuSaIBz00KO8GvU2FyxvCBNLtSpjL+pngxs.
Please contact your system administrator.
Add correct host key in /home/danny/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/danny/.ssh/known_hosts:22
ECDSA host key for 192.168.9.86 has changed and you have requested strict checking.
Host key verification failed.
[danny@lab-p5e-vm ~]$
這主要的原因為與ssh server連接的公鑰指紋碼已經變更,與儲存公鑰指紋碼的known_hosts內容不同而無法登入,
那要如何才能登入?首先你要先用指令將已儲存該網域/IP的公鑰指紋碼移除:
ssh-keygen -R 192.168.9.86
之後再重新登入就會再詢問你要不要儲存新的公鑰指紋碼:
[danny@lab-p5e-vm ~]$ ssh root@192.168.9.86
The authenticity of host '192.168.9.86 (192.168.9.86)' can't be established.
ECDSA key fingerprint is SHA256:ifadanbrGuSaIBz00KO8GvU2FyxvCBNLtSpjL+pngxs.
Are you sure you want to continue connecting (yes/no)?
此時再按下yes就會將新的公鑰指紋碼儲存後更新,再輸入登入密碼就完成登入。
參考資料
關鍵字:REMOTE HOST IDENTIFICATION HAS CHANGED