错误信息
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:zy3OJxxxx
Please contact your system administrator.
Add correct host key in /Users/ui/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/ui/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
UpdateHostkeys is disabled because the host key is not trusted.
root@192.168.125.45: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
scp: Connection closed
Pseudo-terminal will not be allocated because stdin is not a terminal.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:zy3OJxxxx
Please contact your system administrator.
Add correct host key in /Users/ui/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/ui/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
UpdateHostkeys is disabled because the host key is not trusted.
错误原因
这是一个SSH安全检查错误。当第一次连接到一台新的SSH服务器时,服务器的公钥会被存储在本地计算机的
~/.ssh/known_hosts
文件中。每次你再连接到该服务器时,SSH会检查服务器的公钥是否与存储的匹配。如果公钥发生变化,就会出现这个错误,提示可能存在安全问题(例如中间人攻击)
导致出现这个情况是因为,我之前连接过这台服务器,但是这次使用其它方式登录,不使用到原本已经存储在本地的密钥,导致检查出现问题
解决方案
在
scp
和ssh
命令中使用-o StrictHostKeyChecking=no
,禁用主机密钥检查并自动接受新的主机密钥。
请注意,这样做会降低连接的安全性,因此最好在安全的环境下使用。
# 使用 -o StrictHostKeyChecking=no 禁用检查
ssh -o StrictHostKeyChecking=no
# 使用 -T -o UserKnownHostsFile=/dev/null和-o StrictHostKeyChecking=no 禁用检查并避免相关警告
ssh -T -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no