Monday, February 23, 2009

0013 使用SSH登录远程主机

当你第一次从本地登录远程主机的时候,系统会显示一个无法找到主机密匙的消息,你回答yes就可以继续了。主机密匙文件保存在你的根目录下的.ssh2/hostkeys 文件夹下,如下所示:
localhost ssh -l jsmith remotehost.example.com

Host key not found from database.
Key fingerprint:
xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-jarde-
tuxum
You can get a public key’s fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? Yes

Host key saved to
/home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pu
host key for remotehost.example.com, accepted by jsmith Mon
May 26 2008 16:06:50 -0700
jsmith@remotehost.example.com password:

remotehost.example.com$

下次你再登录的时候就只需要提供登录密码就可以了,因为主机密匙已经保存在SSH客户端中了:
localhost ssh -l jsmith remotehost.example.com
jsmith@remotehost.example.com password:

remotehost.example.com$

如果由于某些原因,在你第一次登陆远程主机后,主机上的密匙文件变更了,你可能会得到类似下面的警告消息。这可能是因为以下的原因:
  • 系统管理员更新/重新安装了主机上的SSH服务端。
  • 某些人进行了恶意攻击。
在你对某些命令回答"yes"之前,你最好问问你的系统管理员为什么你会得到这个警告消息或者他是不是更改了密匙文件。


localhost ssh -l jsmith remotehost.example.com    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  @       WARNING: HOST IDENTIFICATION HAS CHANGED!         @  @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!  Someone could be eavesdropping on you right now (man-in-the- middle attack)!  It is also possible that the host key has just been changed.  Please contact your system administrator.  Add correct host key to  “/home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pu b”  to get rid of this message.  Received server key’s fingerprint:  xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-arde- tuxum  You can get a public key’s fingerprint by running  % ssh-keygen -F publickey.pub  on the keyfile.  Agent forwarding is disabled to avoid attacks by corrupted  servers.  Are you sure you want to continue connecting (yes/no)? yes    Do you want to change the host key on disk (yes/no)? yes    Agent forwarding re-enabled.  Host key saved to  /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub  host key for remotehost.example.com, accepted by jsmith Mon  May 26 2008 16:17:31 -0700    jsmith @remotehost.example.com’s password:     remotehost$
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)