我有一个连接到我的SSH主机的问题。 我一直在详细模式下收到此消息:
OpenSSH_7.2p2, LibreSSL 2.4.1 debug1: Reading configuration data /Users/me/.ssh/config debug1: /Users/me/.ssh/config line 4: Applying options for *.ta.local debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug1: Connecting to <host_name> [<host_ip>] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/me/.ssh/id_ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /Users/me/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3 debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000 debug1: Authenticating to >host_ip>:22 as 'me' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: [email protected] debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+Wl92PcQ6xQSAtNdxvAeBWExxDXl6NM0M4i6dUEvVA0 The authenticity of host '<host_name> (<host_ip>)' can't be established. ECDSA key fingerprint is SHA256:+Wl92PcQ6xQSAtNdxvAeBWExxDXl6NM0M4i6dUEvVA0. Are you sure you want to continue connecting (yes/no)? Host key verification failed. 仅供参考:在粘贴的痕迹中,我replace了用户名,主机和ip …以防万一有人感到困惑。
这是我的ssh_config:
Host * SendEnv LANG LC_* # Host * # ForwardAgent no # ForwardX11 no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Protocol 2 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h
我读了很多关于主键可能已经改变,因为我上次login。 所以我已经尝试删除known_hosts文件中的条目,无论ssh服务器如何,都仍然会收到该错误。
任何想法我可能在这里错了吗?
更多信息:我最近更新了mac os到sierra。 也许是相关的。
你可能知道,指纹变化可能意味着你处在中间人的攻击下,所以首先要记住这一点。
什么是SSH密钥指纹?它是如何产生的? :
指纹是基于主机的公钥,通常基于“/etc/ssh/ssh_host_rsa_key.pub”通常是为了便于识别/validation您连接的主机。
如果指纹发生变化,您连接的机器已更改其公钥。 这可能不是一件坏事(通过重新安装ssh发生),但也可能表明您正在连接到同一个域/ IP上的其他计算机(发生在通过类似负载均衡器的连接时)或者您被攻击的目标是中间人攻击,攻击者以某种方式拦截/重新路由你的ssh连接,以连接到另一个可能窥探你的用户/主机的主机。
所以,如果你现在确定服务器是安全的,我会build议手动连接和acepting新指纹,因为它似乎是最容易解决您的问题。