After the host's public key was replaced, logging in to the host with the new SSH key failed with the following error message:

ssh -i ~/.ssh/mykeygen.pem root@xxx.xx.xxx.xx
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Please contact your system administrator.
Add correct host key in /Users/elite/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/elite/.ssh/known_hosts:10
ECDSA host key for xxx.xx.xxx.xx has changed and you have requested strict checking.
Host key verification failed.

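The error occurs because the public key fingerprint of a server you have connected to successfully is written to known_hosts, so that the next connection can be checked directly against the remote server's fingerprint. Here the stored record no longer matches what the server presents.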

The fix is as follows:

Remove the known_hosts record directly

Open known_hosts

vim  ~/.ssh/known_hosts

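(If you remove the fingerprint with ssh-keygen -R xxx.xx.xxx.xx, you may hit the error "Not replacing existing known_hosts file because of errors". In that case, follow the method above and simply delete the IP and its fingerprint record from the known_hosts file.)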

Search for the host IP named in the login error message and delete its entry; logging in again will then work.

On the next login the fingerprint is recorded again, so you will see a prompt; enter yes

ssh -i ~/.ssh/mykeygen.pem root@xxx.xx.xxx.xx
The authenticity of host 'xxx.xx.xxx.xx (xxx.xx.xxx.xx)' can't be established.
ECDSA key fingerprint is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)?

After that, login works normally.
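The manual edit above can also be scripted. This is an added example, not code from the original post: it finds the stale entry even when known_hosts stores hashed host names, and records the new key only if its fingerprint equals one obtained out of band. The function names, the address 192.0.2.10 and the key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def fingerprint(key_b64):
    # Same form ssh prints: "SHA256:" + unpadded base64 of SHA-256 over the raw key blob.
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    # Hashed entries (HashKnownHosts) are |1|salt|HMAC-SHA1(salt, host); a text search for the IP misses them.
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # literal names only; wildcard patterns are not handled

def replace_host_key(lines, host, keytype, key_b64, trusted_fp):
    """Return known_hosts lines with the stale keytype entry for host swapped for the verified key."""
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("offered key does not match the fingerprint obtained out of band")
    kept = []
    for line in lines:
        parts = line.split()
        stale = (len(parts) >= 3 and not line.startswith(("#", "@"))
                 and parts[1] == keytype and host_matches(parts[0], host))
        if not stale:
            kept.append(line)
    return kept + [f"{host} {keytype} {key_b64}"]

# Constructed sample data: the key blobs are placeholder bytes, not real keys.
def b64(raw):
    return base64.b64encode(raw).decode()

HOST = "192.0.2.10"  # documentation address standing in for xxx.xx.xxx.xx
OLD_KEY, NEW_KEY = b64(b"constructed-old-host-key"), b64(b"constructed-new-host-key")
SALT = b"constructed-salt-val"
HASHED = "|1|%s|%s" % (b64(SALT), b64(hmac.new(SALT, HOST.encode(), hashlib.sha1).digest()))
SAMPLE = [
    "# constructed known_hosts",
    f"other.example ecdsa-sha2-nistp256 {OLD_KEY}",
    f"{HASHED} ecdsa-sha2-nistp256 {OLD_KEY}",
    f"{HOST} ssh-ed25519 {OLD_KEY}",
]

if __name__ == "__main__":
    fp = fingerprint(NEW_KEY)  # in practice: read from the server console or the administrator
    for entry in replace_host_key(SAMPLE, HOST, "ecdsa-sha2-nistp256", NEW_KEY, fp):
        print(entry)
```

Write the returned lines to a copy of known_hosts first and keep a backup of the original file.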