今天终端远程登录服务器是发现用hostname登录报如下错误:
$ ssh hadoop@host1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for host1 has changed,
and the key for the corresponding IP address 192.168.114.219
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /Users/hemlong/.ssh/known_hosts:53
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:vYiRro1Z4Udjsqv2x9yV2/YsxW6oMp1D4DjJ2HzKvRo.
Please contact your system administrator.
Add correct host key in /Users/hemlong/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/hemlong/.ssh/known_hosts:7
RSA host key for host1 has changed and you have requested strict checking.
Host key verification failed.
原因:早先修改了远程服务器的登录密码导致客户端终端远程连接失败!
解决:使用命令ssh-keygen -R [hostname] 删除~/.ssh/known_hosts中关于服务器旧的ssh免密登录密钥即可,或者也可vi编辑known_hosts文件手动删除。
关于ssh-keygen 一些用法,使用man查询ssh-keygen用法可知:
-R hostname
Removes all keys belonging tohostname from a known_hosts file.
This option is useful to delete hashed hosts (see the -H option
above).
从known_hosts文件中删除属于hostname的所有密钥,此选项用于删除散列主机(请参阅-H选项)。
-H Hash a known_hosts file. This replaces all hostnames and
addresses with hashed representations within the specified file;
the original content is moved to a file with a .old suffix.
These hashes may be used normally by ssh and sshd, but they do
not reveal identifying information should the file's contents be
disclosed. This option will not modify existing hashed hostnames
and is therefore safe to use on files that mix hashed and non-
hashed names.
取代所有的主机名和在指定文件中具有hash表示的地址;原始内容将被移至具有.old后缀的文件。