范例:移除旧的主机密钥故障-2024.6.14(已解决)
范例:移除旧的主机密钥故障-2024.6.14(已解决)
问题现象
root@dmz-cvm02:~# scp CAS-E0730P11-Upgrade-ubuntu-x86_64.tar.gz root@192.168.1.100:~
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
e3:98:cd:41:b3:bb:d0:69:e6:c0:f5:a2:2f:c4:e4:af.
Please contact your system administrator.
Add correct host key in /root/.ssh/know_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/know_hosts:20
remove with: ssh-keygen -f "/root/.ssh/know_hosts" -R 192.168.1.100
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Authorized users only. All activity may be monitored and reported
Permission denied (publickey,password).
lost connection
这个错误信息表示在你尝试通过 scp
命令连接到远程主机时,发现远程主机的密钥指纹与之前存储在你的 known_hosts
文件中的记录不匹配。这可能是由于远程主机的 SSH 密钥更换了,或者这是一个潜在的中间人攻击警告。
要解决这个问题,请按照以下步骤操作:
1. 移除旧的主机密钥
根据错误信息中的提示,运行以下命令来移除旧的主机密钥:
ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.100
这将从你的 known_hosts
文件中移除与 192.168.1.100
相关的旧密钥。
2. 尝试重新连接
再次尝试使用 scp
命令,这次系统会提示你接受新的主机密钥:
scp CAS-E0730P11-Upgrade-ubuntu-x86_64.tar.gz root@192.168.1.100:~
你会看到类似如下的提示:
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ECDSA key fingerprint is e3:98:cd:41:b3:bb:d0:69:e6:c0:f5:a2:2f:c4:e4:af.
Are you sure you want to continue connecting (yes/no)?
输入 yes
然后按下回车键,这样新的主机密钥会被添加到你的 known_hosts
文件中。