This article shows how to disable SSH host key checking on Linux machines (Ubuntu, Debian, CentOS, Fedora, Arch and other systems running Linux).
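With SSH host key checking, ssh consults a database containing the identity of every host it has ever connected to. It keeps these host keys in the ~/.ssh/known_hosts file in the user's home directory:

    $ ls -1 ~/.ssh/
    authorized_keys
    config
    id_rsa
    id_rsa.pub
    known_hosts

When a host's identity changes, the ssh client warns about it and disables password authentication, to make sure that no man-in-the-middle attack or server spoofing can take place. See also: how to change or update an SSH key passphrase on Linux.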
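The parameter that controls this behaviour is StrictHostKeyChecking, which has three possible values:

yes: if set to "yes", ssh never adds host keys to the ~/.ssh/known_hosts file automatically, and refuses to connect to hosts whose host key has changed.
no: if set to "no", ssh automatically adds new host keys to the user's known hosts file.
ask: if set to "ask" (the default), new host keys are added to the user's known hosts file only after the user has confirmed the action, and ssh refuses to connect to hosts whose host key has changed.

To disable SSH host key checking on Linux, this value must be set to no, and UserKnownHostsFile must be pointed at /dev/null.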
If you do not have an SSH key yet, generate one. Setting a passphrase is optional:

    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/debian/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase): <optional>
    Enter same passphrase again: <optional>
    Your identification has been saved in /home/debian/.ssh/id_rsa.
    Your public key has been saved in /home/debian/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:/2A71cIaTTuuDJ6C2gatFk5/6WAq3JyLCfppkAfdQzM debian@deb10
    The key's randomart image is:
The local user's ssh directory is ~/.ssh:

    $ ls -1 ~/.ssh
    authorized_keys
    id_rsa
    id_rsa.pub

Make sure the files have the correct permissions:

    for file in authorized_keys id_rsa; do
        chmod 0400 ~/.ssh/"${file}"
    done
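Create the local ssh configuration file:

    touch ~/.ssh/config

Add the following settings to the new configuration file. The Host * pattern applies them to every host you connect to, and the > redirection replaces any existing content of ~/.ssh/config:

    cat << EOF > ~/.ssh/config
    Host *
        StrictHostKeyChecking no
        UserKnownHostsFile=/dev/null
    EOF

Set the correct permissions on the file:

    chmod 0400 ~/.ssh/config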
You should now be able to log in without the SSH host key being checked, as shown below:

    $ ssh debian@10.1.1.11
    Warning: Permanently added '10.1.1.11' (ECDSA) to the list of known hosts.
    Enter passphrase for key '/home/centos/.ssh/id_rsa':
    Linux deb10 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08) x86_64
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    Last login: Tue Jan 7 10:35:34 2020 from 10.1.1.10
    debian@deb10:~$

At this point, SSH host key checking has been successfully disabled on the Linux system.
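To find out where this setting is in effect, for example when reviewing workstations or build images, the following added example (not part of the original article) scans an ssh_config file for the two directives used above and reports the Host block each one sits in. The function names audit_ssh_config and sample_config and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ssh_config directives that switch host key
# verification off. It does not follow Include files or evaluate Match
# conditions, and it cannot see options passed with -o on the command line.
# Reads the file named in $1, or stdin when no file is given.
# Prints one finding per line; returns 1 if there was any finding.
audit_ssh_config() {
    awk '
    function report(k, v) {
        printf "%s: %s %s (line %d)\n", scope, k, v, NR
        bad = 1
    }
    BEGIN { scope = "(global)"; bad = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next        # blank line or comment
        if (!match(line, /^[^ \t=]+/)) next        # no keyword on this line
        name = substr(line, 1, RLENGTH)
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)            # whitespace and/or one "="
        gsub(/"/, "", val)                         # arguments may be quoted
        key = tolower(name)                        # keywords are case-insensitive
        if (key == "host" || key == "match") { scope = line; next }
        if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
            report(name, val)
        if (key == "userknownhostsfile" && val == "/dev/null")
            report(name, val)
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample: the configuration written above, preceded by a
# hypothetical host "bastion" that keeps strict checking.
sample_config() {
cat <<'EOF'
Host bastion
    StrictHostKeyChecking yes
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF
}

sample_config | audit_ssh_config || echo "host key checking is disabled in at least one block"
```

Run it against a real file with `audit_ssh_config ~/.ssh/config` or `audit_ssh_config /etc/ssh/ssh_config`.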