1. 提示如下

[root@ansible root]# ssh 172.21.21.252
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
c7:10:34:25:4d:7a:05:59:4a:3e:d0:18:53:49:3c:34.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1197
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

这个提示是因为之前172.21.21.252这个IP被其他机器用过,而且通过SSH登录过,指纹就缓存在了~/.ssh/known_hosts 是为了防止中间人攻击。现在这个IP被新机器使用,指纹变了,所提提示了此警告,但不影响登录。

2. 解决办法

  1. 删除/root/.ssh/known_hosts 第 1197行(😑)

  2. 删除/root/.ssh/known_hosts(❌)

  3. 修改sshd配置(❌)

  4. 重新生成本地缓存的公钥(✔)

     ssh-keygen -R  172.21.21.252 -f /root/.ssh/known_hosts