事情是这样的,刚刚在 PowerShell 中使用 SSH 连接一台运行在虚拟机中的 Ubuntu 主机,然后提示主机指纹信息验证失败,可能遭受中间人攻击:
PS C:\Users\86188> ssh -l mk 192.168.88.128
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xGND4WU3/ONKL9tz4XKvXqrzisqD34/JuaNk1RtuApo.
Please contact your system administrator.
Add correct host key in C:\\Users\\86188/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\86188/.ssh/known_hosts:5
ECDSA host key for 192.168.88.128 has changed and you have requested strict checking.
Host key verification failed.
呃,我回想了一下,之前复制过一台 Ubuntu 虚拟机,其 IP 地址和我现在这台一样。
估计是因为我曾经连接过那一台虚拟机,在用户目录下的 .ssh\known_hosts 文件中保存了它的指纹信息,导致这次连接这台新的虚拟机时,SSH 检测到指纹信息不匹配,才出现这种提示。
如果真的是这样,那么我只要删除 .ssh\known_hosts 文件中相关的指纹信息,应该就可以解决这个问题。
在 PowerShell 中使用 Get-Content
命令查看 .ssh\known_hosts 文件中的指纹信息:
PS C:\Users\86188\.ssh> Get-Content .\known_hosts
****** # 其他指纹信息
192.168.88.128 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGhhhMvqg0UZXfE+Ao//g9o8BXQr2VHCYPO4wttAs1CsDLtpYebOR/dLsQpudp50dESivx3OBM+hlokkoMKr3AQ=
****** # 其他指纹信息
果然有一条关于 192.168.88.128 主机的指纹信息。编辑文件,将其删除。
然后,重新使用 SSH 尝试连接 192.168.88.128 主机:
PS C:\Users\86188\.ssh> ssh -l mk 192.168.88.128
The authenticity of host '192.168.88.128 (192.168.88.128)' can't be established.
ECDSA key fingerprint is SHA256:xGND4WU3/ONKL9tz4XKvXqrzisqD34/JuaNk1RtuApo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.88.128' (ECDSA) to the list of known hosts.
mk@192.168.88.128's password: ******
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-27-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
39 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
嗯,顺利连上。