SSH连接错误”REMOTE HOST IDENTIFICATION HAS CHANGED!”

在执行git pull拉取代码的时候提示WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!错误，完整的报错信息大概是这样的：

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:dtZZDGJlgcbht1b************o9hsw4v18DM.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
RSA host key for git.***.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

意思大概是.ssh/known_hosts下的Host key不匹配造成的，事实上很多时候会出现这个问题，先来了解一下known_hosts记录的是什么？

每次使用SSH连接远端服务器，SSH会把你每个你访问过计算机的公钥public key都记录在~/.ssh/known_hosts。当下次访问相同计算机时，OpenSSH会核对公钥。如果公钥不同，OpenSSH会发出警告， 避免你受到DNS Hijack，man-in-the-middle attack之类的攻击。

也就是当远端服务器的公钥public key发生变化时，OpenSSH会发现它的值跟本地存储的不一样，就会发出上面的错误提示，这时候有两种办法来解决：

1. 手动删除known_hsots文件中对应服务器的那一段key；
2. 修改配置文件~/.ssh/config，加上两行：

   StrictHostKeyChecking no 
   UserKnownHostsFile /dev/null 

推荐方法1，比较安全，方法2会忽略known_hsots验证，有安全隐患。