關於網路那些事...

網路行銷,SEO,網路趨勢,教學文章,網頁設計,生活時事

使用正確 ssh pem keygen 仍無法登入問題:Host key verification failed. 解決方式

在某次更換主機的公鑰之後,拿變更後的 ssh keygen 登入主機,卻發生登入錯誤訊息

ssh -i ~/.ssh/mykeygen.pem root@xxx.xx.xxx.xx
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Please contact your system administrator.
Add correct host key in /Users/elite/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/elite/.ssh/known_hosts:10
ECDSA host key for xxx.xx.xxx.xx has changed and you have requested strict checking.
Host key verification failed.

錯誤發生原因是因為之前成功連線到server的公鑰指紋紀錄,會寫入 known_host 中,以便於下次連線可直接跟遠端server指紋進行比對,但是目前發生無法對應錯誤

解決的方式如下:

直接移除 known_host 紀錄

開啟 known_host

vim  ~/.ssh/known_hosts

(如果是使用 ssh-keygen -R xxx.xx.xxx.xx 方式來移除指紋,可能會遇到 Not replacing existing known_hosts file because of errors 錯誤,請直接參照上面方式,移除 known_host 文件中的 ip 及對應指紋紀錄即可)

搜尋 host ip 登入錯誤的訊息,並且刪除,再重新登入就會正常

再次登入,會再重新建立指紋,因此會看到提示,輸入 yes

ssh -i ~/.ssh/mykeygen.pem root@xxx.xx.xxx.xx
The authenticity of host 'xxx.xx.xxx.xx (xxx.xx.xxx.xx)' can't be established.
ECDSA key fingerprint is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)?

接著就能正常登入


如果這篇文章對你有幫助,請在這裡點個讚



最新文章推薦