How to Disable SSH Host Key Checking on Linux: Ubuntu/Debian/CentOS/Fedora

Date: 2020-02-23 14:32:40  Source: igfitidea

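In this article we will learn how to disable SSH host key checking on Linux machines: Ubuntu/Debian/CentOS/Fedora/Arch and any other system running Linux.
For host key checking, ssh consults a database containing the identities of all hosts it has ever connected to.
It keeps these host keys in the ~/.ssh/known_hosts file in the user's home directory.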

$ ls -1 ~/.ssh/
authorized_keys
config
id_rsa
id_rsa.pub
known_hosts

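When a host's identification has changed, the SSH client warns about it and disables password authentication to ensure that no man-in-the-middle attack or server spoofing can take place.

The parameter that controls this behaviour is StrictHostKeyChecking.
It has three possible values:

yes: ssh never adds host keys to the ~/.ssh/known_hosts file automatically and refuses to connect to hosts whose host key has changed.
no: ssh automatically adds new host keys to the user's known hosts file.
ask (default): new host keys are added to the user's known hosts file only after the user confirms the action, and ssh refuses to connect to hosts whose host key has changed.

To disable SSH host key checking on Linux, this value must be set to no and UserKnownHostsFile must be pointed at /dev/null. With both settings in place every host looks new on each connection, so ssh can no longer detect a changed host key.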

If we do not already have one, generate an SSH key.
Setting a passphrase is optional.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): <optional>
Enter same passphrase again: <optional>
Your identification has been saved in /home/debian/.ssh/id_rsa.
Your public key has been saved in /home/debian/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/2A71cIaTTuuDJ6C2gatFk5/6WAq3JyLCfppkAfdQzM Hyman@theitroad
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|    E            |
| . o o           |
|. . o       .    |
| o . .  S  + o   |
|o = .    .. B .  |
|o=o=+. .. += o   |
|+.BO+.+. =o+.    |
|.B=+oo..o +o.    |
+----[SHA256]-----+

The local user's SSH directory is ~/.ssh

$ ls -1 ~/.ssh
authorized_keys
id_rsa
id_rsa.pub

Make sure the files have the correct permissions.

for file in authorized_keys id_rsa; do
 chmod 0400 ~/.ssh/${file}
done

Create the local SSH configuration file.

touch ~/.ssh/config

Add the following settings to the configuration file just created.

cat << EOF > ~/.ssh/config
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF

Set the correct permissions on the file.

chmod 0400 ~/.ssh/config

We should now be able to log in without SSH host key checking.

$ ssh Hyman@theitroad
Warning: Permanently added '10.1.1.11' (ECDSA) to the list of known hosts.
Enter passphrase for key '/home/centos/.ssh/id_rsa': 
Linux deb10 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 17 17:35:34 2019 from 10.1.1.10
Hyman@theitroad:~$
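
To find where these two settings are in effect, the following added example (not part of the original article) scans an ssh_config file and reports every block that sets StrictHostKeyChecking to no or off, or points UserKnownHostsFile at /dev/null. The function name audit_ssh_config and the sample configuration are constructed for illustration; the check reads each block literally and does not emulate how ssh merges blocks.

```shell
#!/bin/sh
# Added example. audit_ssh_config FILE prints one line per finding:
#   "<block>: <keyword> <value>"
audit_ssh_config() {
    awk '
    BEGIN { block = "(global)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)                 # strip indentation
        if (line == "" || line ~ /^#/) next      # skip blanks and comments
        # ssh_config allows "Keyword value" and "Keyword=value"
        if (match(line, /[ \t]*=[ \t]*|[ \t]+/) == 0) next
        key = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        gsub(/"/, "", val)                       # values may be quoted
        if (key == "host")  { block = "Host " val;  next }
        if (key == "match") { block = "Match " val; next }
        lval = tolower(val)
        if (key == "stricthostkeychecking" && (lval == "no" || lval == "off"))
            print block ": StrictHostKeyChecking " val
        if (key == "userknownhostsfile" && val == "/dev/null")
            print block ": UserKnownHostsFile " val
    }' "$1"
}

# Constructed sample: a hypothetical strict block followed by the
# wildcard block from this article.
sample=$(mktemp)
cat > "$sample" << 'EOF'
Host bastion
    StrictHostKeyChecking yes
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF
audit_ssh_config "$sample"
rm -f "$sample"
```

Run it against ~/.ssh/config and /etc/ssh/ssh_config; a finding under Host * means the settings apply to every host that user connects to.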