使用CMDB自动发现探测网络设备时,有几台网络设备明明网络、策略都没问题,但就是探测失败,后使用服务器直接ssh登录发现报如下错误:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:*** Please contact your system administrator. Add correct host key in /home/***/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/***/.ssh/known_hosts:64ECDSA host key for 172.*.*.* has changed and you have requested strict checking. Host key verification failed.
根据提示信息显示,远程主机的公钥已被更改,因此无法连接远程主机。在使用 ssh 连接时,会将远程主机提供的公钥存储在本地 $HOME/.ssh/known_hosts 文件中。而如果远程主机的公钥信息被更改了,则由于本地公钥信息与远程主机的不匹配而无法连接,此时只需删除本地存储的公钥信息即可。
按如下操作删除原有公钥后再次连接,提示询问时输入 yes 即可登录远程主机
[salt@master ~]$ ssh-keygen -R 172.*.*.* # Host 172.*.*.* found: line 64 /home/***/.ssh/known_hosts updated. Original contents retained as /home/salt/.ssh/known_hosts.old [salt@master ~]$ ssh log@172.*.*.* The authenticity of host '172.*.*.* (172.*.*.*)' can't be established. ECDSA key fingerprint is SHA256:*** Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.*.*.*' (ECDSA) to the list of known hosts. log@172.*.*.*'s password:
也可进入 $HOME/.ssh/known_hosts 文件中手动删除相应的原有公钥信息。
- 本文固定链接: https://www.coordsoft.com/post/27.html
- 转载请注明: admin 于 生活随想 - zwgu 's world 发表
《本文》有 0 条评论