如果您剛剛有研究過 SSH 的連線流程的話,會發現到當 client 端接受來自 server 端的 public key 之後,會主動的比對這支 Key 的正確性。而比對的檔案是 ~/.ssh/known_hosts 。 若是接受到的這支 public key 並沒有被紀錄在這檔案內,那麼上面表格的訊息, 就是要您回答 yes/no 的那個訊息才會出現~而您回答 yes 之後,該 public key 資訊就會被記錄起來,以留待下次登入同一部主機時的檢查之用啊! 如果 Server Key 與 ~/.ssh/known_hosts 比對成功, 那麼您就會直接進入等待密碼輸入的畫面, 那就不必每次都得要輸入 (yes/no) 囉~
不過,您或許也會發現一件事情啊,我們知道 SSH server 雖然使用 version 2 已經不會重複製造 server key (public key) 了,但是如果該主機重新安裝過新的 linux distributions 時, 那把 server key 就會被改變啊!而 client 又會去比對這個 public key 與 ~/.ssh/known_hosts , 此時 Client 就會發現兩者不同了,於是乎產生如下的錯誤訊息了:
這個錯誤訊息在告訴您,上次所登錄的遠端 SSH 主機的 Keys 已經被改過了(最可能的原因就是 Server 端重新開機/重新安裝/更新套件等等啦!), 所以無法繼續登入~呵呵!這個時候怎麼辦?很簡單啊!進入您的家目錄的 ~/.ssh 裡面,編輯一下 known_hosts ,將欲連接的主機名稱的 Key 給他消除,就可以重新連線啦!
上面表格的內容其實是同一行的~那一行代表『 localhost 這部主機,利用的是 ssh-rsa 連線機制, 而後續的資料則是那把 Server Key 的內容。』如果您確定這次的比對無法成功是正常的, 那麼您可以將這一行給他刪除,這樣下次要再登入時,就又會再次的出現問 (yes/no) 的畫面啊!
不過,您或許也會發現一件事情啊,我們知道 SSH server 雖然使用 version 2 已經不會重複製造 server key (public key) 了,但是如果該主機重新安裝過新的 linux distributions 時, 那把 server key 就會被改變啊!而 client 又會去比對這個 public key 與 ~/.ssh/known_hosts , 此時 Client 就會發現兩者不同了,於是乎產生如下的錯誤訊息了:
[root@linux ~]# <span class="term_command">ssh dmtsai@localhost</span> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is f8:ae:67:0e:f0:a0:3e:aa:d9:77:19:c9:2e:62:22:72. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:1 RSA host key for localhost has changed and you have requested strict checking. Host key verification failed. |
[root@linux ~]# <span class="term_command">vi ~/.ssh/known_hosts</span><br />localhost ssh-rsa AAAAB3NzaC1yc2Euowireffodjoiwjefmoeiwhoqhwupoi<br />t[egmlomowimvoiweo6VpTHTw2/tENp4U7Wn8J6nxYWP36YziFgxtWu4MPSKaRmr<br />E4eUpR1G/zV3TkChRZY5hGUybAreupTVdxCZvJlYvNiejfijoejwiojfijeoiwx5<br />eRkzvSj7a19vELZ5f8XhzH62E=<br /> |
reference
http://linux.vbird.org/linux_server/0310telnetssh.php
mlzboy@mlzboy-laptop:~$ ssh mao@192.168.0.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
17:9c:ea:7f:03:2b:42:d4:bb:b2:76:47:51:01:ee:ef.
Please contact your system administrator.
Add correct host key in /home/mlzboy/.ssh/known_hosts to get rid of this message.
Offending key in /home/mlzboy/.ssh/known_hosts:3
RSA host key for 192.168.0.4 has changed and you have requested strict checking.
Host key verification failed.
mlzboy@mlzboy-laptop:~$ ssh mao@192.168.0.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
17:9c:ea:7f:03:2b:42:d4:bb:b2:76:47:51:01:ee:ef.
Please contact your system administrator.
Add correct host key in /home/mlzboy/.ssh/known_hosts to get rid of this message.
Offending key in /home/mlzboy/.ssh/known_hosts:3
RSA host key for 192.168.0.4 has changed and you have requested strict checking.
Host key verification failed.
这个错误要注意,它告诉你是在~/.ssh/下的known_hosts的第3行出错了,因此打开这个文件,然后将它删除,之后就可以联上了
