运维百科

ssh远程主机秘钥失效的解决方法:WARNING: All keys were skipped because they already exist on the remote system

问题描述

A机器通过ssh-copy-id root@IP(B)添加了链接到B机器的ssh秘钥。但是某天,B机器的密码修改或者机器重装,此时,在A机器上再次ssh IP(B)会报类似如下错误


 ssh IP(B)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

The ECDSA host key for kube-001 has changed,

and the key for the corresponding IP address 100.104.179.42

is unchanged. This could either mean that

DNS SPOOFING is happening or the IP address for the host

and its host key have changed at the same time.

Offending key for IP in /root/.ssh/known_hosts:7

  remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R 100.104.179.42

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

82:14:68:63:20:52:0a:05:08:47:c1:fc:59:dc:d2:00.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /root/.ssh/known_hosts:4

  remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R kube-001

ECDSA host key for kube-001 has changed and you have requested strict checking.

Host key verification failed.

此时无法ssh到B,如果重新使用以下命令

ssh-copy-id root@IP(B)

会报错如下:

ssh-copy-id root@IP(B)

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed


/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

(if you think this is a mistake, you may want to use -f option)



解决方法

ssh-keygen -R IP(B)

提示如下表示成功

ssh-keygen -R IP(B)

# Host kube-002 found: line 4 type ECDSA

/root/.ssh/known_hosts updated.

Original contents retained as /root/.ssh/known_hosts.old


本站部分资源收集于网络,纯个人收藏,无商业用途,如有侵权请及时告知!

2
分享到:

评论 0

取消
  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址