ssh:无法建立主机“主机名"的真实性 [英] ssh: The authenticity of host 'hostname' can't be established

问题描述

当我SSH到计算机时，有时我会收到此错误警告，并提示您说是"或否".从自动ssh到其他计算机的脚本运行时，这会引起一些麻烦.

When i ssh to a machine, sometime i get this error warning and it prompts to say "yes" or "no". This cause some trouble when running from scripts that automatically ssh to other machines.

警告消息:

The authenticity of host '<host>' can't be established.
ECDSA key fingerprint is    SHA256:TER0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'pc' (ECDSA) to the list of known hosts.

有没有一种方法可以自动说是"或忽略它?

Is there a way to automatically say "yes" or ignore this?

推荐答案

取决于您的ssh客户端，您可以在命令行上将StrictHostKeyChecking选项设置为no，和/或将密钥发送到空的known_hosts文件.您还可以在配置文件中为所有主机或一组给定的IP地址或主机名设置这些选项.

Depending on your ssh client, you can set the StrictHostKeyChecking option to no on the command line, and/or send the key to a null known_hosts file. You can also set these options in your config file, either for all hosts or for a given set of IP addresses or host names.

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

编辑

正如@IanDunn所指出的那样，这样做存在安全隐患.如果您正在连接的资源被攻击者欺骗，他们可能会重播目标服务器的挑战给您，使您以为您正在连接到远程资源，而实际上他们正在通过以下方式连接到该资源:您的凭据.在更改连接机制以跳过HostKeyChecking之前，您应该仔细考虑这是否是适当的风险.

As @IanDunn notes, there are security risks to doing this. If the resource you're connecting to has been spoofed by an attacker, they could potentially replay the destination server's challenge back to you, fooling you into thinking that you're connecting to the remote resource while in fact they are connecting to that resource with your credentials. You should carefully consider whether that's an appropriate risk to take on before altering your connection mechanism to skip HostKeyChecking.

参考.

这篇关于ssh:无法建立主机“主机名"的真实性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！