解决Ssh/Scp报错：Someone Could Be Eavesdropping On You Right Now (Man-In-The-Middle Attack)!

解决SSH/Scp报错：Someone Could Be Eavesdropping On You Right Now (Man-In-The-Middle Attack)!

 

主要现象：ssh/scp 失败，host key verification failed.

 

# scp /home/iso/********.iso root@192.168.1.***:/home/  
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @  
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!  
Someone could be eavesdropping on you right now (man-in-the-middle attack)!  
It is also possible that a host key has just been changed.  
The fingerprint for the ECDSA key sent by the remote host is  
df:33:37:b6:7b:c9:e5:19:65:f7:38:ad:94:b2:9e:36.  
Please contact your system administrator.  
Add correct host key in /root/.ssh/known_hosts to get rid of this message.  
Offending ECDSA key in /root/.ssh/known_hosts:1  
ECDSA host key for 192.168.1.*** has changed and you have requested strict checking.  
Host key verification failed.  
lost connection 

 

从报错信息看是因为目标主机key【比如重做系统或者还原】与已保存的key不同导致认证失败！

key算法为ECDSA，百度可知为椭圆曲线数字签名算法。详情请自查。

解决办法：删除留存的秘钥

# rm -f  /root/.ssh/known_hosts  

测试一下：

 

# scp /home/iso/********.iso root@192.168.1.***:/home/  
The authenticity of host '192.168.1.*** (192.168.1.***)' can't be established.  
ECDSA key fingerprint is df:33:37:b6:7b:c9:e5:19:65:f7:38:ad:94:b2:9e:36.  
Are you sure you want to continue connecting (yes/no)? yes  
Warning: Permanently added '192.168.1.***' (ECDSA) to the list of known hosts.  
root@192.168.1.***'s password:   
********.iso                                                                        100% 3239MB  81.0MB/s   00:40