sir*_*ide 7 ssh hostkey bastion
我正在尝试通过 jumpbox 进行 SSH,但 SSH 似乎有意检查 jumpbox 的主机密钥,即使我告诉它不要使用普通-o StrictHostKeyChecking=no -o UserKnownHostsFile=no命令行选项。
如果我直接通过 SSH 连接到 jumpbox,我可以让 SSH 按预期忽略错误:
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_jumpuser_rsa jumpuser@jumpbox
但是,如果我添加代理跳转选项,我突然收到错误消息。错误不是来自 jumpbox 在 jumpbox 上的任何 .ssh 目录中没有 known_hosts 文件,我也没有以 jumpuser 身份登录:
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_jumpuser_rsa -J jumpuser@jumpbox jumpuser@10.10.0.5
错误信息:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
<redacted>.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:10
remove with:
ssh-keygen -f "/home/user/.ssh/known_hosts" -R jumpbox
ECDSA host key for jumpbox has changed and you have requested strict checking.
Host key verification failed.
ssh_exchange_identification: Connection closed by remote host
user我的普通用户在哪里,而不是我试图以 SSH 身份登录的用户。
我不知道这里发生了什么。SSH 是否具有强制主机密钥检查代理跳转情况的特殊覆盖?如果是这样,它的超级刺激,因为这将会使本地虚拟机配置一个真正的痛苦。
Jak*_*uje 13
该ProxyJump问题的另一个ssh过程中,不继承命令行参数,你就先在命令行上指定ssh的命令。有两种可能的出路:
在配置文件中使用这些选项~/.ssh/config- 它也可以为您节省大量输入!
Host jumpbox
User jumpuser
StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null
IdentityFile ~/.ssh/id_jumpuser_rsa
然后您就可以像ssh -J jumpbox jumpuser@10.10.0.5.
改用ProxyCommand选项——它做同样的工作,但更透明,所以你可以看到那里实际发生了什么:
ssh -o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_jumpuser_rsa -W %h:%p jumpuser@jumpbox" -i ~/.ssh/id_jumpuser_rsa jumpuser@10.10.0.5
| 归档时间: |
|
| 查看次数: |
8241 次 |
| 最近记录: |