Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "what to do with Host key verification failed when SSH connection occurs". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

When SSH connects, Host key verification failed.

[root@db test] # ssh 11.16.1.10

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

05:25:84:ea:dd:92:3d:80:ce:ad:5b:79:58:8e:c9:12.

Please contact your system administrator.

Add correct host key in / root/.ssh/known_hosts to get rid of this message.

Offending key in / root/.ssh/known_hosts:10

RSA host key for 11.16.1.10 has changed and you have requested strict checking.

Host key verification failed.

= =

Reason

= =

Anyone who uses OpenSSH knows that ssh will record the public key (public key) of every computer you have visited in ~ /. Ssh/known_hosts. The next time you access the same computer, OpenSSH checks the public key. If the public key is different, OpenSSH will issue a warning to protect you from DNS Hijack and the like.

Anyone who uses OpenSSH knows that ssh will record the public key (public key) of every computer you have visited in ~ /. Ssh/known_hosts. The next time you access the same computer, OpenSSH checks the public key. If the public key is different, OpenSSH will issue a warning to protect you from DNS Hijack and the like.

The level at which SSH checks the host's public_key is configured according to the StrictHostKeyChecking variable. By default, StrictHostKeyChecking=ask. Simply put down its three configuration values:

1.StrictHostKeyChecking=no

# the most insecure level, of course, there are not so many annoying tips. It is recommended to use a relatively secure intranet. If the key connected to the server does not exist locally, it is automatically added to the file (the default is known_hosts) and a warning is given.

The default level of 2.StrictHostKeyChecking=ask # is the prompt just appeared. If the connection and key do not match, give a prompt and refuse to log in.

3.StrictHostKeyChecking=yes # the most secure level, if the connection does not match the key, the connection is rejected without prompting for details.

I usually use method 2 to solve the problem

-

Solution 1

-

For me, some tests conducted on the intranet, for convenience, choose the lowest security level. Configure in .ssh / config (or / etc/ssh/ssh_config):

StrictHostKeyChecking noUserKnownHostsFile / dev/null

(note: for simplicity here, set knownhostfile to / dev/null and do not save it in known_hosts.)

-

Solution 2

-

Vi / .ssh/known_hosts

Delete the relevant rsa information of the corresponding ip

-

Solution 3

-

Rm-f known_hosts "what to do when Host key verification failed occurs when SSH connection" is introduced here, thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.