SSH server public key record file

Source: Internet
Author: User
Tags ssh server

When you log in to a remote server, the SSH client compares the public key it receives from the server against the public keys recorded in ~/.ssh/known_hosts, and then does one of the following:

    • If the received public key has not been recorded, the client asks the user whether to record it. If you choose to record it (the step where you answer yes in the example), the key is written to ~/.ssh/known_hosts and the login continues; if you choose not to record it (you answer no), the file is not written and the login is abandoned;

    • If the received public key already has a record, the client checks whether the record is the same. If it is the same, the login continues. If it is different, a warning message is displayed and the login is abandoned. This is the client's self-protection function, which guards against someone else impersonating your server.

A server's SSH host key may change for normal reasons. The problem is that if the server is used for testing and is often reinstalled, its public key will be different after each reinstall, and you will not be able to log in again!

What should we do? Let's simulate this behavior so that it leaves an impression!

Example:

Simulate a reinstalled server: assuming the server keeps the same IP address but now presents a different public key, what problem occurs and how is it solved?

A:

Use the method described in the previous section to delete the server's original host keys and restart SSH so that it generates a new public key:

 
    [root@www ~]# rm /etc/ssh/ssh_host*
    [root@www ~]# /etc/init.d/sshd restart

Then connect as follows:

    [root@www ~]# ssh root@localhost
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @  <== It tells you there may be a problem
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    a7:2e:58:51:9f:1b:02:64:56:ea:cb:9c:92:5e:79:f9.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending key in /root/.ssh/known_hosts:1  <== The number after the colon is the line number of the problematic entry
    RSA host key for localhost has changed and you have requested strict checking.
    Host key verification failed.

In the error message above, the highlighted text tells you that the public key on line 1 of /root/.ssh/known_hosts is different from the one received this time, and that you may be under attack! What should we do? In this case we know the key changed because we regenerated it ourselves, so it's okay. Open /root/.ssh/known_hosts with vim, delete line 1 (the number that follows the colon), and then run ssh again. The client will ask you once more whether you want to add the public key. That's easy!

Transferred from http://vbird.dic.ksu.edu.tw/linux_server/0310telnetssh_2.php#ssh_start
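
The check the client performs against known_hosts, and the line removal done by hand above, can be sketched as follows. This is an added example, not code from the original article or from OpenSSH. The function names, the sample entries and the key blobs are constructed for illustration, and it assumes no wildcard patterns, `[host]:port` entries or `@` marker lines. It goes slightly beyond the text by also matching hashed (`|1|`) host names.

```python
import base64, hashlib, hmac

def host_matches(host_field, host):
    """True if the first known_hosts field names `host` (plain or |1| hashed)."""
    if host_field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return host in host_field.split(",")  # assumption: no wildcards or [host]:port

def md5_fingerprint(key_b64):
    """Colon-separated MD5 fingerprint, the format printed in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return ("unknown", None), ("match", line) or ("changed", line)."""
    offending = None
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank line, comment, or @marker entry (not handled here)
        if fields[1] != key_type or not host_matches(fields[0], host):
            continue
        if fields[2] == key_b64:
            return ("match", line_no)
        offending = offending or line_no  # first differing entry, as in "known_hosts:1"
    return ("changed", offending) if offending else ("unknown", None)

def remove_line(known_hosts_text, line_no):
    """Drop one 1-based line: the manual fix the article performs in vim."""
    lines = known_hosts_text.splitlines(keepends=True)
    del lines[line_no - 1]
    return "".join(lines)

# Constructed sample data: these blobs are placeholders, not real host keys.
OLD_KEY = base64.b64encode(b"constructed host key before reinstall").decode()
NEW_KEY = base64.b64encode(b"constructed host key after reinstall").decode()
KNOWN_HOSTS = f"localhost ssh-rsa {OLD_KEY}\nwww.example.test ssh-rsa {OLD_KEY}\n"

if __name__ == "__main__":
    state, line_no = check_host_key(KNOWN_HOSTS, "localhost", "ssh-rsa", NEW_KEY)
    print(state, line_no, md5_fingerprint(NEW_KEY))
    cleaned = remove_line(KNOWN_HOSTS, line_no)
    print(check_host_key(cleaned, "localhost", "ssh-rsa", NEW_KEY))
```

On a real client, `ssh-keygen -R localhost` removes the stale entry without editing the file by hand. Before answering yes to the new key, compare the fingerprint the client shows with one read on the server itself.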
