ssh服务连接服务器异常

1. 问题1

1、背景

ansible批量安装Prometheus监控时存在个别主机ping命令时异常

10.xxx.xxx.xxx | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ED25519 key sent by the remote host is\nSHA256:u79JrY6CPeDHMC7THWhLeek/BvnZ4AmFFj37YrndGiw.\r\nPlease contact your system administrator.\r\nAdd correct host key in /root/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /root/.ssh/known_hosts:70\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nUpdateHostkeys is disabled because the host key is not trusted.\r\n\nAuthorized users only. All activities may be monitored and reported.\nroot@10.223.225.161: Permission denied (publickey,gssapi-with-mic,password).",
    "unreachable": true
}

使用ssh连接时

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:5EA+FhrKm+TIVacBJhpOISexNpdmgY51FXFK6Ph4E98.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:64
Host key for xx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.

2、处理

使用ssh-keygen -R xx.xxx.xxx.xxx 重新拷贝公钥信息

ssh-keygen -R xx.xxx.xxx.xxx
Host xx.xxx.xxx.xxx not found in /root/.ssh/known_hosts

• 发现相关认证文件不存在，登陆到服务器上查看实际是存在的

3、处理办法

1. 重命名配置文件：mv /root/.ssh/known_hosts /root/.ssh/known_hosts-bak
2. 重新执行命令：ssh-keygen -R xxx.xxx.xxx.xxx
   

2. 问题2

个别服务存在密码错误或无效

密码无效/不正确：\n仅限授权用户。所有活动均可进行监测和报告。\n许可被拒绝，请重试。

• 使用ssh测试发现密码实际正确

解决办法

ansible_ssh_pass密码字段将密码使用双引号包裹起来ansible_ssh_pass="密码"
存在该现象的密码存在同一个现象，密码中有’#’ 符，可能时由于改特殊字符导致