禁止ssh连接时的确认提示

如何不出现如下提示?

ssh deepin@10.20.9.193
The authenticity of host '10.20.9.193 (10.20.9.193)' can't be established.
ECDSA key fingerprint is SHA256:WGRtppPJg6SAz6/JMkN8LAiy5uFPoBjvIW8h0NNIn/s.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.20.9.193' (ECDSA) to the list of known hosts.
deepin@10.20.9.193's password:    我不想每次都有这个提示改如何设置?

执行策略

  1. 配置SSH客户端的全局配置文件:在本地机器上,找到SSH客户端的全局配置文件(通常位于/etc/ssh/ssh_config或/etc/ssh/config),并添加以下行:

    StrictHostKeyChecking no
UserKnownHostsFile /dev/null

    注意:这将禁用主机密钥的验证和记录,风险是可能无法检测到主机密钥的更改。

  2. 使用SSH命令行选项:每次使用SSH命令时,可以添加以下选项来跳过主机密钥验证:

    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null deepin@10.20.9.193

    这将在命令行中设置选项,以便在连接时跳过主机密钥验证。

修改配置

修改/etc/ssh/ssh_config如下:

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication no
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
posted @ 2024-04-29 13:34  babyfengfjx  阅读(45)  评论(0编辑  收藏  举报