Host key changed during reboot

blu*_*ast 3 ubuntu ssh hostkey reboot

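I have four Azure VMs running Ubuntu 20.04.3, which I shut down frequently. Yesterday I shut them down, and earlier today I started them again. Normally this causes no problems.

Today, one of the machines started giving me the dreaded WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED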

    » ssh machine-two
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    The ECDSA host key for machine-two.westeurope.cloudapp.azure.com has changed,
    and the key for the corresponding IP address 23.231.121.245
    is unknown. This could either mean that
    DNS SPOOFING is happening or the IP address for the host
    and its host key have changed at the same time.
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    SHA256:lU2tqbkQU+e3l+hymVr+lU2tqbkQUWo3/wXxdT/MGA4.
    Please contact your system administrator.
    Add correct host key in /home/theuser/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /home/theuser/.ssh/known_hosts:92
      remove with:
      ssh-keygen -f "/home/theuser/.ssh/known_hosts" -R "machine-two.westeurope.cloudapp.azure.com"
    Password authentication is disabled to avoid man-in-the-middle attacks.
    Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
    Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.11.0-1021-azure x86_64)

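I have not reinstalled the machine - maybe I ran a system update yesterday, but definitely not a reinstall.

What I see is that the host keys have indeed been updated: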

    » ls -l /etc/ssh/
    total 576
    -rw-r--r-- 1 root root 535195 Jul 23 14:55 moduli
    -rw-r--r-- 1 root root   1603 Jul 23 14:55 ssh_config
    drwxr-xr-x 2 root root   4096 Jul 23 14:55 ssh_config.d
    -rw------- 1 root root   1393 Nov 24 04:05 ssh_host_dsa_key
    -rw-r--r-- 1 root root    610 Nov 24 04:05 ssh_host_dsa_key.pub
    -rw------- 1 root root    513 Nov 24 04:05 ssh_host_ecdsa_key
    -rw-r--r-- 1 root root    182 Nov 24 04:05 ssh_host_ecdsa_key.pub
    -rw------- 1 root root    411 Nov 24 04:05 ssh_host_ed25519_key
    -rw-r--r-- 1 root root    102 Nov 24 04:05 ssh_host_ed25519_key.pub
    -rw------- 1 root root   2610 Nov 24 04:05 ssh_host_rsa_key
    -rw-r--r-- 1 root root    574 Nov 24 04:05 ssh_host_rsa_key.pub
    -rw-r--r-- 1 root root    342 Oct 21 23:45 ssh_import_id
    -rw-r--r-- 1 root root   3287 Oct 21 23:46 sshd_config
    drwxr-xr-x 2 root root   4096 Oct 22 00:09 sshd_config.d

And the update time matches the boot time:

    » last -5
    azureuse pts/1        216.129.44.18    Wed Nov 24 04:10   still logged in
    azureuse pts/0        216.129.44.18    Wed Nov 24 04:10   still logged in
    reboot   system boot  x.yy.0-zzzz-azur Wed Nov 24 04:04   still running
    azureuse pts/0        216.129.44.18    Tue Nov 23 08:22 - 23:02  (14:39)
    reboot   system boot  x.yy.0-zzzz-azur Tue Nov 23 03:58 - 23:02  (19:04)

    wtmp begins Tue Oct 26 20:19:31 2021

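The other machines are not affected by this and never have been. In fact, this is the first time I have seen a host key change "spontaneously".

Why would a reboot update the host keys? What else should I verify? For now, I am working with StrictHostKeyChecking no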


小智 6

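Run grep ssh /var/log/cloud-init.log. Apparently, cloud-init will regenerate the keys/fingerprints if the VM's instance ID changes. The file seems to keep a long history, so it should be easy to tell whether this happened within your time frame.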
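
On the "what else should I verify" part: before replacing the known_hosts entry, the fingerprint printed in the warning can be compared with the regenerated key read on the VM over a trusted channel. The following is an added example, not part of the original question or answer; it computes the SHA256 fingerprint of an OpenSSH public key line in the form ssh prints it. The sample key is constructed, and reading the .pub file through a trusted path (for example the Azure serial console) is an assumption.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Split an OpenSSH public key line (e.g. ssh_host_ecdsa_key.pub) into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match blob header")
    return key_type, blob

def sha256_fingerprint(line):
    """Fingerprint as ssh and ssh-keygen -l print it: SHA256:<unpadded base64>."""
    _, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def matches_warning(trusted_pub_line, warned_fingerprint):
    """True if the key read over the trusted channel is the one ssh was offered."""
    # ssh ends the fingerprint line with a full stop; '.' is not a base64 character.
    return sha256_fingerprint(trusted_pub_line) == warned_fingerprint.strip().rstrip(".")

def known_hosts_entry(hostname, trusted_pub_line):
    """known_hosts line that pins the verified key in place of the offending entry."""
    key_type, blob = parse_pubkey(trusted_pub_line)
    return f"{hostname} {key_type} {base64.b64encode(blob).decode('ascii')}"

def constructed_sample_key():
    """Constructed ed25519-shaped key (bytes 0..31), standing in for the real .pub file."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " root@machine-two"

if __name__ == "__main__":
    pub = constructed_sample_key()
    print(sha256_fingerprint(pub))
    # Fingerprint copied from the warning in the question; the sample key is a different key.
    print(matches_warning(pub, "SHA256:lU2tqbkQU+e3l+hymVr+lU2tqbkQUWo3/wXxdT/MGA4."))
    print(known_hosts_entry("machine-two.westeurope.cloudapp.azure.com", pub))
```

With the real ssh_host_ecdsa_key.pub content as input, a True result from matches_warning means the key ssh was offered is the one now on the VM, and the known_hosts_entry line can replace the offending entry so that StrictHostKeyChecking can be turned back on.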