我有一个Debian Jessie服务器,我想validation有关DNS SSHFPlogging的SSH HostKey。 我只提供ed25519和rsaalgorithm连接到服务器。 我已经伪装服务器FQDN kronos.example.local。
我使用这个命令来生成ed25519algorithm的指纹
root@kronos:~# ssh-keygen -r kronos.example.local -f /etc/ssh/ssh_host_ed25519_key kronos.example.local IN SSHFP 4 1 f6291b4afb2b18cb3042e9dc01bd15efca7f5d5e kronos.example.local IN SSHFP 4 2 7b2e9286d0969618ccb88d954587ac82f2ad471c34d07d25d91f9905b86f152d 而这一个为RSA
root@kronos:~# ssh-keygen -r kronos.example.local -f /etc/ssh/ssh_host_rsa_key kronos.example.local IN SSHFP 1 1 365f966468f59ed889fb9d94c25f8f6cb858aa7a kronos.example.local IN SSHFP 1 2 162f0117baae8380427698ba8800bdef36e150e6014f220b568d85445832d050
我用挖来检查我的客户机上的logging。
volker@vm23 ~ $ dig SSHFP kronos.example.local ;; ANSWER SECTION: kronos.example.local. 600 IN SSHFP 1 2 162F0117BAAE8380427698BA8800BDEF36E150E6014F220B568D8544 5832D050 kronos.example.local. 600 IN SSHFP 4 2 7B2E9286D0969618CCB88D954587AC82F2AD471C34D07D25D91F9905 B86F152D kronos.example.local. 600 IN SSHFP 4 1 F6291B4AFB2B18CB3042E9DC01BD15EFCA7F5D5E kronos.example.local. 600 IN SSHFP 1 1 365F966468F59ED889FB9D94C25F8F6CB858AA7A
SSHFPlogging是正确的,我添加设置StrictHostKeyChecking和VerifyHostKeyDNS在我的SSHconfiguration来validation有关SSHFPlogging的SSH指纹。
Host kronos Hostname kronos.example.local Port 30 User root Compression yes IdentityFile ~/.ssh/ssh.key PasswordAuthentication no PubkeyAuthentication yes RSAAuthentication no StrictHostKeyChecking yes VerifyHostKeyDNS yes
现在,当我想连接到服务器,我得到一个错误,我的SSH客户端无法build立连接,因为指纹是错误的?
volker@vm23 ~ $ ssh kronos No ED25519 host key is known for [kronos.example.local]:30 and you have requested strict checking. Host key verification failed.
为什么我得到这个错误,我不知道我做错了什么。
编辑:
当我刷新known_hosts文件并再次连接时,我得到提供指纹的这条消息。
The authenticity of host '[kronos.example.local]:30 ([192.168.2.100]:30)' can't be established. ED25519 key fingerprint is SHA256:ey6ShtCWlhjMuI2VRYesgvKtRxw00H0l2R+ZBbhvFS0.