使用ssh连接Linux服务器出错

使用iTerm通过ssh连接服务器是突然提示「WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!」的报错

提示的错误内容如下：

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:1XUUINS5LvUKO3ZCyLfsdeKQGvx2K+LGrH6SnzWmNCs.
Please contact your system administrator.
Add correct host key in /Users/dengmin/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/dengmin/.ssh/known_hosts:1
ECDSA host key for 116.xx.xx.xx has changed and you have requested strict checking.
Host key verification failed.

百度后发现，这是由于本地存储的认证文件不匹配导致的，客户端通过ssh第一次连接服务器时会产生一个用于安全连接的认证文件存储在known_hosts中

如果这个连接的这个服务器进行重置后，再次通过ssh连接该服务器是，会导致这个认证文件失效而无法进行认证。

如何解决

可以通过ssh-keygen -l -f ~/.ssh/known_hosts命令进行查看本地已经存储的认证文件

输入后会出现以下内容

256 SHA256:o8QGHET9xDxRV73lQXt5ufsdfsXigpXFA+wn1Nh6FZA 116.62.123.12 (ECDSA)
256 SHA256:SEEkfhEDw52J+fdswss/yaSzywkPASXZ8m1dxo930Rw 192.168.x.xxx (ECDSA)
256 SHA256:/xXu6aBKRkM7dD8qYr0hnOfIzd1asdffOJfPRNiNeX0 116.62.xxx.xx (ECDSA)

找到自己连接的服务器的ip地址，以116.62.123.12为例。输入ssh-keygen -R 116.62.123.12，用来转换身份验证密钥。

输入后会出现以下内容

# Host 116.62.123.12 found: line 1
/Users/root/.ssh/known_hosts updated.
Original contents retained as /Users/root/.ssh/known_hosts.old

此时你的认证的密钥文件就已经更新，之前的密钥就会保存为 known_hosts.old

再通过 ssh -p22 root@116.62.123.12命令去连接服务器

root@rootdeMacBook-Pro  ~  ssh -p22 root@116.62.123.12
The authenticity of host '116.62.123.12 (116.62.123.12)' can't be established.
ECDSA key fingerprint is SHA256:1XUUINS5Lvsdfadf@WDFSAMKQGvx2K+LGrH6SnzWmNCs.
Are you sure you want to continue connecting (yes/no)? yes

会提示无法确认服务器的真实性，但并不影响连接，输入yes后就可以正常连接了。