远程登陆 Host Key Verification Failed: What It Means and How to Fix It
When attempting to remotely access a server using SSH, you might encounter the error "远程登陆 Host Key Verification Failed". This error message indicates that the SSH client cannot verify the host key of the remote server. This is a security measure designed to protect you from man-in-the-middle attacks.
What is Host Key Verification?
Every SSH server has a unique host key, which is a cryptographic key that identifies the server. When you connect to a server for the first time, the SSH client will generate a fingerprint of the host key. This fingerprint is stored in the known_hosts file on your client machine.
The next time you connect to the same server, the SSH client will compare the fingerprint of the host key with the one stored in the known_hosts file. If they match, the connection is considered secure. If they don't match, the host key verification fails, and you will receive the error message.
Why Does the Host Key Verification Fail?
There are several reasons why host key verification might fail:
- First connection: When connecting to a server for the first time, the SSH client will not have a record of the host key in the known_hosts file. This will result in a host key verification failure until you add the host key to the file.
- Host key change: If the SSH server administrator has changed the host key, the SSH client will detect this change and fail to verify the new host key.
- Man-in-the-middle attack: A malicious third party might try to intercept your SSH connection and present a fake host key. This would trigger a host key verification failure and prevent you from connecting to the real server.
How to Fix the "远程登陆 Host Key Verification Failed" Error
Here are some steps you can take to fix the 远程登陆 Host Key Verification Failed error:
-
Accept the new host key: If you are sure that the server you are connecting to is legitimate, you can accept the new host key. This will add the new host key fingerprint to the known_hosts file.
- On Linux and macOS:
ssh -o StrictHostKeyChecking=no user@server_address- On Windows:
- Use an SSH client like PuTTY and enable the option "Accept unknown host keys."
-
Delete the host key from the known_hosts file: If the server's host key has changed, you can delete the old host key entry from the known_hosts file. This will force the SSH client to re-verify the host key.
- On Linux and macOS:
ssh-keygen -R server_address -
Manually add the host key: If you want to manually add the host key to the known_hosts file, you can do so by following these steps:
- On Linux and macOS:
- Find the fingerprint of the new host key by running the following command:
ssh -o StrictHostKeyChecking=no user@server_address- The fingerprint will be displayed in the following format:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX- Open the known_hosts file in a text editor.
- Add the fingerprint of the new host key to the file.
- Save the file and try connecting to the server again.
-
Disable host key verification: This is not recommended, but you can disable host key verification for specific hosts or globally. This will allow you to connect to any server without verifying the host key. However, this will make your connection vulnerable to man-in-the-middle attacks.
- On Linux and macOS:
ssh -o StrictHostKeyChecking=no user@server_address- On Windows:
- Use an SSH client like PuTTY and disable the option "Check host key fingerprints."
Conclusion
The 远程登陆 Host Key Verification Failed error is a security measure designed to protect you from malicious actors. While it can be frustrating, it's important to understand the reasons behind the error and take the necessary steps to fix it. Remember, you should always prioritize security and only accept host keys from trusted servers.