SSH login fails when using the DNS name instead of the IP address, and the SSH host key is different

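I just rebooted my Ubuntu 16.04 server and started getting the error "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" when trying to ssh using the DNS name, ssh [email protected]. At first I just deleted the known_hosts entry and tried again, but then I realised that it was actually not accepting my password.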

Using the IP address, ssh [email protected] still works, and even my passwordless login still works.

This is the output of nslookup myserver.lan, which shows that DNS is returning the correct address:

    Server:   192.168.1.2
    Address:  192.168.1.2#53
    Name:     myserver.lan
    Address:  192.168.1.2

This is the verbose output of `ssh [email protected]`, which succeeds:

    OpenSSH_6.9p1, LibreSSL 2.1.8
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
    debug1: Connection established.
    debug1: identity file /Users/jimbo/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.9
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
    debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to 192.168.1.2:22 as 'me'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client [email protected] <implicit> none
    debug1: kex: client->server [email protected] <implicit> none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ZOO3YXwox2kHpLokBRXzPvuUFPOrposhAgnpQCaZ5+I
    The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
    ECDSA key fingerprint is SHA256:ZOO3YXwox2kHpLokBRXzPvuUFPOrposhAgnpQCaZ5+I.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.2' (ECDSA) to the list of known hosts.
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/jimbo/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: Authentication succeeded (publickey).
    Authenticated to 192.168.1.2 ([192.168.1.2]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting [email protected]
    debug1: Entering interactive session.
    debug1: client_input_global_request: rtype [email protected] want_reply 0
    debug1: Sending environment.
    debug1: Sending env LANG = en_GB.UTF-8
    Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-78-generic x86_64)

This is the verbose output of ssh [email protected], which fails and does not recognise my password:

    OpenSSH_6.9p1, LibreSSL 2.1.8
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to myserver.lan [::1] port 22.
    debug1: Connection established.
    debug1: identity file /Users/jimbo/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /Users/jimbo/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.9
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
    debug1: match: OpenSSH_6.9 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to myserver.lan:22 as 'me'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client [email protected] <implicit> none
    debug1: kex: client->server [email protected] <implicit> none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:WDp/1JiHcWk6Lpcgfrl+/pDbSmdFxVTZFDfVhTEqBCg
    debug1: Host 'myserver.lan' is known and matches the ECDSA host key.
    debug1: Found key in /Users/jimbo/.ssh/known_hosts:5
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/jimbo/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Trying private key: /Users/jimbo/.ssh/id_dsa
    debug1: Trying private key: /Users/jimbo/.ssh/id_ecdsa
    debug1: Trying private key: /Users/jimbo/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:

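As you can see, the host key returned is different. Is it correct to expect a different key when using the host name versus the IP address? What are the next steps I can take?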

It looks like ssh is resolving the host name to localhost, because I get the same host key when sshing to localhost.

My hosts file is basically empty:

    127.0.0.1        localhost
    255.255.255.255  broadcasthost
    ::1              localhost

host myserver.lan returns this. Is this related to the IPv6 configuration?

    host myserver.lan
    myserver.lan has address 192.168.1.2
    myserver.lan has IPv6 address ::1

This is the output of dig @192.168.1.2 myserver.lan:

    ; <<>> DiG 9.8.3-P1 <<>> @192.168.1.2 myserver.lan
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32577
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;myserver.lan.              IN      A
    ;; ANSWER SECTION:
    myserver.lan.       604800  IN      A       192.168.1.2
    ;; AUTHORITY SECTION:
    myserver.lan.       604800  IN      NS      ns.myserver.lan.
    ;; ADDITIONAL SECTION:
    ns.myserver.lan.    604800  IN      A       192.168.1.2
    ;; Query time: 21 msec
    ;; SERVER: 192.168.1.2#53(192.168.1.2)
    ;; WHEN: Sun May 21 13:34:41 2017
    ;; MSG SIZE rcvd: 79

And the BIND configuration file on the server:

    ;
    ; BIND data file for myserver
    $TTL    604800
    @       IN      SOA     myserver.lan. root.myserver.lan. (
                                  3         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
            IN      A       192.168.1.2
    ;
    @       IN      NS      ns.myserver.lan.
    @       IN      A       192.168.1.2
    @       IN      AAAA    ::1
    ns      IN      A       192.168.1.2

PS: I have a Windows laptop that is still able to log in to the server using the host name. Only my Mac seems to be affected.

The problem is caused by an incorrect DNS configuration. The ssh client is using IPv6, and "myserver.lan" is resolving to [::1]. You need to remove the AAAA ::1 record from your zone configuration file and restart named.
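
A zone file can be checked for this class of mistake before named loads it. The following is an added example, not part of the original answer: it scans zone text for A/AAAA records that point at a loopback or unspecified address, which makes every client that prefers that address family connect to itself. `loopback_records` and `SAMPLE_ZONE` are names made up here, and the sample is constructed from the zone file in the question.

```python
import ipaddress
import re

# Constructed sample: the zone file from the question, reduced to its records.
SAMPLE_ZONE = """\
$TTL 604800
@    IN  SOA   myserver.lan. root.myserver.lan. (
               3 604800 86400 2419200 604800 )
     IN  A     192.168.1.2
@    IN  NS    ns.myserver.lan.
@    IN  A     192.168.1.2
@    IN  AAAA  ::1
ns   IN  A     192.168.1.2
"""

# owner (may be blank), optional TTL, optional class IN, then A or AAAA and its address
ADDR_RECORD = re.compile(
    r"^(\S*)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA)\s+(\S+)", re.IGNORECASE
)


def loopback_records(zone_text):
    """Return (owner, type, address) for A/AAAA records aimed at the local host."""
    findings = []
    owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop zone-file comments
        if line and not line[0].isspace() and not line.startswith("$"):
            owner = line.split()[0]  # a blank owner field inherits this name
        match = ADDR_RECORD.match(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(3))
        except ValueError:
            continue  # not a literal address, nothing to judge
        # ::1, 127.0.0.0/8, :: and 0.0.0.0 never identify the server to a remote client
        if addr.is_loopback or addr.is_unspecified:
            findings.append((owner, match.group(2).upper(), str(addr)))
    return findings


if __name__ == "__main__":
    for owner, rtype, addr in loopback_records(SAMPLE_ZONE):
        print(f"{owner} {rtype} {addr}: resolves to the client's own machine")
```

On the sample it reports the single `@ AAAA ::1` record, which is why only the IPv6-preferring client connected to its own sshd and saw a different host key.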