ssh：自动接受密钥

Adam Matan 发表于 Dev

亚当·马坦（Adam Matan）|

我已经编写了这个小实用程序脚本：

for h in $SERVER_LIST; do ssh $h "uptime"; done

将新服务器添加到时$SERVER_LIST，该脚本将通过以下方式停止：

The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be established.
RSA key fingerprint is a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
Are you sure you want to continue connecting (yes/no)?

我已经试过yes：

for h in $SERVER_LIST; do yes | ssh $h "uptime"; done

没有运气。

有没有一种方法可以ssh自动接受任何新密钥？

莱肯施泰因

使用StrictHostKeyChecking选项，例如：

ssh -oStrictHostKeyChecking=no $h uptime

此选项也可以添加到〜/ .ssh / config中，例如：

Host somehost
    Hostname 10.0.0.1
    StrictHostKeyChecking no

请注意，更改主机密钥后，即使使用此选项，也会收到警告：

$ ssh -oStrictHostKeyChecking=no somehost uptime
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
31:6f:2a:d5:76:c3:1e:74:f7:73:2f:96:16:12:e0:d8.
Please contact your system administrator.
Add correct host key in /home/peter/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/peter/.ssh/known_hosts:24
  remove with: ssh-keygen -f "/home/peter/.ssh/known_hosts" -R 10.0.0.1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
ash: uptime: not found

如果不经常重新安装主机，则可以使用该选项降低安全性（但对于经常更改的主机密钥来说更方便）-oUserKnownHostsFile=/dev/null。这将丢弃所有接收到的主机密钥，因此它将永远不会生成警告。

有了18.04，就有了一种新的可能性：StrictHostKeyChecking=accept-new。来自man 5 ssh_config：

If this flag is set to “accept-new” then ssh will automatically
add new host keys to the user known hosts files, but will not
permit connections to hosts with changed host keys.  If this flag
is set to “no” or “off”, ssh will automatically add new host keys
to the user known hosts files and allow connections to hosts with
changed hostkeys to proceed, subject to some restrictions.

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。