This directory (`~/.ssh`) contains: id_rsa (this machine's private key), id_rsa.pub (this machine's public key), known_hosts, and authorized_keys.

## 1. known_hosts

ssh records the public key of every computer you have connected to in ~/.ssh/known_hosts; **in other words, this file stores other machines' public keys**. The next time you connect to the same computer, OpenSSH checks the public key. If the key is different, OpenSSH issues a warning, which protects you from attacks such as DNS hijacking.

Sometimes you need to SSH into another Linux host, but the login is refused with a message like the following:

```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
36:68:a6:e6:43:34:6b:82:d7:f4:df:1f:c2:e7:37:cc .
Please contact your system administrator.
Add correct host key in /u/xlian008/.ssh/known_hosts to get rid of this message.
Offending key in /u/xlian008/.ssh/known_hosts:2
RSA host key for 135.1.35.130 has changed and you have requested strict checking.
Host key verification failed.
```

### 1.1 Fixing the problem

All three methods below only remove the stored key, so they are appropriate when the host key is known to have changed legitimately, which is the second possibility the warning itself mentions.

#### 1.1.1 Delete the whole file

```
rm -rf ~/.ssh/known_hosts
```

++++++++++++++++++

Pros: clean and simple.

Cons: the other, correct public keys are deleted as well, so every host has to be verified again on the next connection.

#### 1.1.2 Delete only the key for the affected IP

```
vi ~/.ssh/known_hosts
```

Delete the RSA entry for the affected IP (in this example, deleting line 53 is enough).

++++++++++++++++++

Pros: the other, correct public keys are kept.

Cons: you have to open vi and find the matching entry, which is slightly tedious.

#### 1.1.3 Remove the old public key entry

```
ssh-keygen -R 192.168.56.12
```

Pros: fast, reliable and decisive.

Cons: none.

```
root@ubuntu02:~/.ssh# cat known_hosts
|1|stafc+a5GvOvErjqMaoyAqq3d0o=|/JmKTswazxvKn4Sm/pIh8XRApDE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIpePogNjnLvOCG9TiB2CN/t4ElLRT+nsQ3crQvSsiShQUEeTT2AWQ3w5IERnxObzu9x8AFeKLYUxGKE6H8Vd+M=
root@ubuntu02:~/.ssh#
root@ubuntu02:~/.ssh#
root@ubuntu02:~/.ssh#
root@ubuntu02:~/.ssh#
root@ubuntu02:~/.ssh# ssh-keygen -R 192.168.56.12
# Host 192.168.56.12 found: line 1 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
root@ubuntu02:~/.ssh# cat known_hosts    # now empty
```

Now SSH to the host again:

```
root@ubuntu02:~/.ssh# ssh 192.168.56.12
The authenticity of host '192.168.56.12 (192.168.56.12)' can't be established.
ECDSA key fingerprint is 23:c8:3f:eb:59:1f:a7:3c:b8:26:0c:f9:14:d3:3c:54.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.12' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Wed Nov 28 13:49:57 CST 2018

  System load:  0.0               Processes:           101
  Usage of /:   18.7% of 8.73GB   Users logged in:     1
  Memory usage: 7%                IP address for eth0: 10.0.2.15
  Swap usage:   0%                IP address for eth1: 192.168.56.12

  Graph this data and manage this system at:
    https://landscape.canonical.com/

New release '16.04.5 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Wed Nov 28 13:49:57 2018 from 192.168.56.11
root@ubuntu03:~# logout
Connection to 192.168.56.12 closed.
root@ubuntu02:~/.ssh# cat known_hosts
|1|pnWOoZwi7vzWCvk+CEL3syEgjn4=|HIKt7r+IpzvhGn7AG+graSJ3Hto= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIpePogNjnLvOCG9TiB2CN/t4ElLRT+nsQ3crQvSsiShQUEeTT2AWQ3w5IERnxObzu9x8AFeKLYUxGKE6H8Vd+M=
```
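
The known_hosts lines above begin with `|1|salt|hash` because the host name is stored hashed, which is why the right line is hard to spot in vi while `ssh-keygen -R` still finds it. The Python sketch below is an added example, not part of the original post: it reproduces that lookup (HMAC-SHA1 keyed with the salt) over a constructed sample file, where `KEY_BLOB_A` and `KEY_BLOB_B` are placeholders, and it handles only literal host names, not wildcard patterns or `[host]:port` entries.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build the hashed host field '|1|<salt>|<HMAC-SHA1(salt, host)>'."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def entry_matches(token, host):
    """True if a known_hosts host field (hashed or plain) names `host`."""
    if token.startswith("|1|"):
        try:
            _, _, salt_b64, hash_b64 = token.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            want = base64.b64decode(hash_b64, validate=True)
        except ValueError:  # malformed field: wrong part count or bad base64
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in token.split(",")  # plain field: comma-separated names

def find_host(known_hosts_text, host):
    """Return [(line_no, key_type, key_blob)] for every entry naming `host`."""
    hits = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if entry_matches(fields[0], host):
            hits.append((n, fields[1], fields[2]))
    return hits

# Constructed sample (not the page's file): one host stored under two salts,
# as happens when an entry is removed and re-added, plus a plain entry.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("192.168.56.12", b"A" * 20) + " ecdsa-sha2-nistp256 KEY_BLOB_A",
    "192.168.56.13,host13 ssh-ed25519 KEY_BLOB_B",
    hash_host("192.168.56.12", b"B" * 20) + " ecdsa-sha2-nistp256 KEY_BLOB_A",
])

if __name__ == "__main__":
    for line_no, key_type, blob in find_host(SAMPLE, "192.168.56.12"):
        print("line %d: %s %s" % (line_no, key_type, blob))
```

Comparing the key blob of the matched lines, rather than the hashed host field, shows whether a re-added entry carries the same host key as before: the salt changes on every write, the key does not.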