[已解决]SSH连接错误”REMOTE HOST IDENTIFICATION HAS CHANGED!”

在执行git pull拉取代码的时候提示WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!错误,完整的报错信息大概是这样的:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:dtZZDGJlgcbht1b************o9hsw4v18DM.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
RSA host key for git.***.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

意思大概是.ssh/known_hosts下的Host key不匹配造成的,事实上很多时候会出现这个问题,先来了解一下known_hosts记录的是什么?

每次使用SSH连接远端服务器,SSH会把你每个你访问过计算机的公钥public key都记录在~/.ssh/known_hosts。当下次访问相同计算机时,OpenSSH会核对公钥。如果公钥不同,OpenSSH会发出警告, 避免你受到DNS Hijackman-in-the-middle attack之类的攻击。

也就是当远端服务器的公钥public key发生变化时,OpenSSH会发现它的值跟本地存储的不一样,就会发出上面的错误提示,这时候有两种办法来解决:

  1. 手动删除known_hsots文件中对应服务器的那一段key;
  2. 修改配置文件~/.ssh/config,加上两行:
   StrictHostKeyChecking no 
   UserKnownHostsFile /dev/null 

推荐方法1,比较安全,方法2会忽略known_hsots验证,有安全隐患。

发表评论

电子邮件地址不会被公开。 必填项已用*标注