ssh:无法确定主机“主机名"的真实性 [英] ssh: The authenticity of host 'hostname' can't be established

问题描述

当我通过 ssh 连接到一台机器时，有时我会收到此错误警告并提示说是"或否".这会在从自动 ssh 到其他机器的脚本运行时造成一些麻烦.

When i ssh to a machine, sometime i get this error warning and it prompts to say "yes" or "no". This cause some trouble when running from scripts that automatically ssh to other machines.

警告信息:

The authenticity of host '<host>' can't be established.
ECDSA key fingerprint is    SHA256:TER0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'pc' (ECDSA) to the list of known hosts.

有没有办法自动说是"或忽略这一点?

Is there a way to automatically say "yes" or ignore this?

推荐答案

根据您的 ssh 客户端，您可以在命令行上将 StrictHostKeyChecking 选项设置为 no，和/或将密钥发送到空的 known_hosts 文件.您还可以在配置文件中为所有主机或一组给定的 IP 地址或主机名设置这些选项.

Depending on your ssh client, you can set the StrictHostKeyChecking option to no on the command line, and/or send the key to a null known_hosts file. You can also set these options in your config file, either for all hosts or for a given set of IP addresses or host names.

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

编辑

正如@IanDunn 所指出的，这样做存在安全风险.如果您连接的资源被攻击者欺骗，他们可能会将目标服务器的挑战重播给您，让您误以为您正在连接远程资源，而实际上他们正在连接到该资源你的凭据.在更改连接机制以跳过 HostKeyChecking 之前，您应该仔细考虑这是否是一个适当的风险.

As @IanDunn notes, there are security risks to doing this. If the resource you're connecting to has been spoofed by an attacker, they could potentially replay the destination server's challenge back to you, fooling you into thinking that you're connecting to the remote resource while in fact they are connecting to that resource with your credentials. You should carefully consider whether that's an appropriate risk to take on before altering your connection mechanism to skip HostKeyChecking.

参考.

这篇关于ssh:无法确定主机“主机名"的真实性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！