从命令行自动接受rsa密钥指纹


15

我尝试yes | ssh root@10.x.x.x尝试接受RSA密钥指纹,但是如果确定要连接,仍会提示我。有没有办法使之自动化?

Answers:


8

将它们添加到您的bash启动文件或类似文件中:

 #
 #  ssh + scp without storing or prompting for keys.
 #
 function sshtmp
 {
     ssh -o "ConnectTimeout 3" \
         -o "StrictHostKeyChecking no" \
         -o "UserKnownHostsFile /dev/null" \
              "$@"
 }
 function scptmp
 {
     exec scp -o "ConnectTimeout 3" \
         -o "StrictHostKeyChecking no" \
         -o "UserKnownHostsFile /dev/null" \
         "$@"
 }

然后使用sshtmp,或scptmp代替sshscp

注意如果您沿着这条路走,则不会提示您主机密钥已更改,并且将失去安全性。


4
谢谢你ssh -o "StrictHostKeyChecking no" root@10.x.x.x为我工作
VenomFangs 2014年

16
答案如何?问题是自动接受密钥,而不是忽略它们!如果在这里被问到并回答了,那么我如何找到实际问题“自动接受键”的答案?讨厌做一个低俗的选民,但是这不是堆栈交换的方式!
JohnnyB,2015年

@JohnnyB看看我的答案。这不是最干净的解决方案,但实际上允许密钥被自动接受
RDP

13

StrictHostKeyChecking=accept-new为此,OpenSSH 7.6引入了新的设置:

ssh(1): expand the StrictHostKeyChecking option with two new
   settings. The first "accept-new" will automatically accept
   hitherto-unseen keys but will refuse connections for changed or
   invalid hostkeys. This is a safer subset of the current behaviour
   of StrictHostKeyChecking=no. The second setting "n", is a synonym
   for the current behaviour of StrictHostKeyChecking=no: accept new
   host keys, and continue connection for hosts with incorrect
   hostkeys. A future release will change the meaning of
   StrictHostKeyChecking=no to the behaviour of "accept-new".

OpenSSH 7.6发行说明


10

通过已知主机密钥以编程方式使用SSH

如果您希望能够以编程方式使用并避免中间人攻击,那么我建议您使用命令获得已知的指纹ssh-keyscan。例:

$ ssh-keyscan -t rsa,dsa github.com 2>/dev/null
github.com ssh-dss AAAAB3NzaC1kc3MAAACBANGFW2P9xlGU3zWrymJgI/lKo//ZW2WfVtmbsUZJ5uyKArtlQOT2+WRhcg4979aFxgKdcsqAYW3/LS1T2km3jYW/vr4Uzn+dXWODVk5VlUiZ1HFOHf6s6ITcZvjvdbp6ZbpM+DuJT7Bw+h5Fx8Qt8I16oCZYmAPJRtu46o9C2zk1AAAAFQC4gdFGcSbp5Gr0Wd5Ay/jtcldMewAAAIATTgn4sY4Nem/FQE+XJlyUQptPWMem5fwOcWtSXiTKaaN0lkk2p2snz+EJvAGXGq9dTSWHyLJSM2W6ZdQDqWJ1k+cL8CARAqL+UMwF84CR0m3hj+wtVGD/J4G5kW2DBAf4/bqzP4469lT+dF2FRQ2L9JKXrCWcnhMtJUvua8dvnwAAAIB6C4nQfAA7x8oLta6tT+oCk2WQcydNsyugE8vLrHlogoWEicla6cWPk7oXSspbzUcfkjN3Qa6e74PhRkc7JdSdAlFzU3m7LMkXo1MHgkqNX8glxWNVqBSc0YRdbFdTkL0C6gtpklilhvuHQCdbgB3LBAikcRkDp+FCVkUgPC/7Rw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

然后,您可以伪造脚本以将其保存到临时文件并使用该UserKnownHostsFile选项。下面的示例是一个脚本,可以称为ssh_github

#!/bin/bash

HOSTKEY='github.com ssh-dss AAAAB3NzaC1kc3MAAACBANGFW2P9xlGU3zWrymJgI/lKo//ZW2WfVtmbsUZJ5uyKArtlQOT2+WRhcg4979aFxgKdcsqAYW3/LS1T2km3jYW/vr4Uzn+dXWODVk5VlUiZ1HFOHf6s6ITcZvjvdbp6ZbpM+DuJT7Bw+                      h5Fx8Qt8I16oCZYmAPJRtu46o9C2zk1AAAAFQC4gdFGcSbp5Gr0Wd5Ay/jtcldMewAAAIATTgn4sY4Nem/FQE+XJlyUQptPWMem5fwOcWtSXiTKaaN0lkk2p2snz+EJvAGXGq9dTSWHyLJSM2W6ZdQDqWJ1k+cL8CARAqL+UMwF84CR0m3hj+wtVGD/J4G5kW2DBAf4/bqzP4469lT+dF2FRQ2L9JKXrCWcnhMtJUvua8dvnwAAAIB6C4nQfAA7x8oLta6tT+oCk2WQcydNsyugE8vLrHlogoWEicla6cWPk7oXSspbzUcfkjN3Qa6e74PhRkc7JdSdAlFzU3m7LMkXo1MHgkqNX8glxWNVqBSc0YRdbFdTkL0C6gtpklilhvuHQCdbgB3LBAikcRkDp+FCVkUgPC/7Rw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+                                                                                                                                      PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+    2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='

TEMPFILE=$(mktemp)
echo "$HOSTKEY" > $TEMPFILE

ssh -o "UserKnownHostsFile $TEMPFILE" $@

rm $TEMPFILE

有了它,您可以运行ssh_github而不是运行ssh它,即使没有known_hosts文件放置在脚本中,它也可以连接。


0

我只使用:'ssh -o StrictHostKeyChecking = no user @ host',它也可以与pssh一起使用:'pssh -O StrictHostKeyChecking = no -h list.text -l user -A -i“ cmd”'

问候,


这对我有用,请问为什么它被否决?还需要OpenSSH的7.6+
Xenocide8998

-3

您可以使用-y选项:即尝试

ssh -y root@10.x.x.x

-y 如果未知,请始终接受远程主机密钥


欢迎来到服务器故障!请使用Markdown和/或编辑菜单中的格式设置选项来正确设置帖子的类型,以提高其可读性。按照惯例,将命令格式设置为“ code”。
HBruijn

奇怪,但在那个人中,我看到以下内容–-y Send log information using the syslog system module. By default this information is sent to stderr.
ALex_hha '17

我在男人身上也看到同样的情况。
基拉伊伊什特万

这不是有效的ssh选项吗?您是从哪里复制/粘贴的?
Flo Woo

2
此选项仅存在于dropbear SSH中,而不存在于OpenSSH中。
杰里米·维瑟
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.