Ubuntu
使用 DNS 名稱而不是 IP 地址時,無法使用 SSH 登錄,並且 SSH 主機密鑰不同
我剛剛重新啟動了我的 Ubuntu 16.04 伺服器並開始收到錯誤“警告:遠端主機標識已更改!” 嘗試使用 DNS 名稱 ssh 時
ssh me@myserver.lan
。我最初只是從 known_hosts 中刪除了條目並再次嘗試,但我意識到它實際上根本不接受我的密碼。使用
ssh me@192.168.1.2
IP 地址仍然有效,甚至我的無密碼登錄仍然有效。這是 的輸出
nslookup myserver.lan
,顯示 DNS 正在返回正確的地址:Server: 192.168.1.2 Address: 192.168.1.2#53 Name: myserver.lan Address: 192.168.1.2
這是 `ssh me@192.168.1.2’ 的詳細輸出,它成功了:
OpenSSH_6.9p1, LibreSSL 2.1.8 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22. debug1: Connection established. debug1: identity file /Users/jimbo/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.1.2:22 as 'me' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ZOO3YXwox2kHpLokBRXzPvuUFPOrposhAgnpQCaZ5+I The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established. ECDSA key fingerprint is SHA256:ZOO3YXwox2kHpLokBRXzPvuUFPOrposhAgnpQCaZ5+I. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.2' (ECDSA) to the list of known hosts. debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/jimbo/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). Authenticated to 192.168.1.2 ([192.168.1.2]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Sending environment. debug1: Sending env LANG = en_GB.UTF-8 Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-78-generic x86_64)
這是 的詳細輸出
ssh me@myserver.lan
,它失敗了,並且無法辨識我的密碼:OpenSSH_6.9p1, LibreSSL 2.1.8 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: /etc/ssh/ssh_config line 56: Applying options for * debug1: Connecting to myserver.lan [::1] port 22. debug1: Connection established. debug1: identity file /Users/jimbo/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/jimbo/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9 debug1: match: OpenSSH_6.9 pat OpenSSH* compat 0x04000000 debug1: Authenticating to myserver.lan:22 as 'me' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:WDp/1JiHcWk6Lpcgfrl+/pDbSmdFxVTZFDfVhTEqBCg debug1: Host 'myserver.lan' is known and matches the ECDSA host key. debug1: Found key in /Users/jimbo/.ssh/known_hosts:5 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/jimbo/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /Users/jimbo/.ssh/id_dsa debug1: Trying private key: /Users/jimbo/.ssh/id_ecdsa debug1: Trying private key: /Users/jimbo/.ssh/id_ed25519 debug1: Next authentication method: keyboard-interactive Password:
如您所見,返回的主機密鑰不同。在使用主機名與 IP 地址時期望不同的密鑰是否正確。我可以採取哪些下一步措施?
看起來 ssh 正在將主機名解析為 localhost,因為我在 ssh 到 localhost 時獲得了相同的主機密鑰。
我的主機文件基本上是空的:
127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost
但是
host myserver.lan
返回這個。這與 IPv6 配置有關嗎?host myserver.lan myserver.lan has address 192.168.1.2 myserver.lan has IPv6 address ::1
這是的輸出
dig @192.168.1.2 myserver.lan
; <<>> DiG 9.8.3-P1 <<>> @192.168.1.2 myserver.lan ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32577 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;myserver.lan. IN A ;; ANSWER SECTION: myserver.lan. 604800 IN A 192.168.1.2 ;; AUTHORITY SECTION: myserver.lan. 604800 IN NS ns.myserver.lan. ;; ADDITIONAL SECTION: ns.myserver.lan. 604800 IN A 192.168.1.2 ;; Query time: 21 msec ;; SERVER: 192.168.1.2#53(192.168.1.2) ;; WHEN: Sun May 21 13:34:41 2017 ;; MSG SIZE rcvd: 79
以及伺服器上的綁定配置文件:
; ; BIND data file for myserver $TTL 604800 @ IN SOA myserver.lan. root.myserver.lan. ( 3 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN A 192.168.1.2 ; @ IN NS ns.myserver.lan. @ IN A 192.168.1.2 @ IN AAAA ::1 ns IN A 192.168.1.2
PS我有一台帶有cygwin的Windows筆記型電腦,它仍然能夠使用主機名登錄伺服器。只有我的 Mac 似乎受到了影響。
該問題是由不正確的 DNS 配置引起的。ssh 客戶端使用 IPv6 並且“myserver.lan”被解析為
$$ ::1 $$. 您需要從區域配置文件中刪除 AAAA ::1 記錄並重新啟動命名。