ssh远程主机秘钥失效的解决方法

问题描述

A机器通过ssh-copy-id root@IP(B)添加了链接到B机器的ssh秘钥。但是某天，B机器的密码修改或者机器重装，此时，在A机器上再次ssh IP(B)会报类似如下错误

 ssh IP(B)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for kube-001 has changed,
and the key for the corresponding IP address 100.104.179.42
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /root/.ssh/known_hosts:7
  remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R 100.104.179.42
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
82:14:68:63:20:52:0a:05:08:47:c1:fc:59:dc:d2:00.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:4
  remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R kube-001
ECDSA host key for kube-001 has changed and you have requested strict checking.
Host key verification failed.

此时无法ssh到B，如果重新使用以下命令

ssh-copy-id root@IP(B)

会报错如下：

ssh-copy-id root@IP(B)
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

解决方法

ssh-keygen -R IP(B)

提示如下表示成功

ssh-keygen -R IP(B)
# Host kube-002 found: line 4 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old