使用linux最经常使用的就是ssh远程登录,而我的测试机器有10个系统,不同的linux版本,当换系统之后,从我笔记本上ssh登录就会出现host key更新的现象:
[fan3838@fan3838 pingshu]$ ssh root@ha203
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
76:fb:b3:70:14:48:19:d6:29:f9:ba:42:46:be:fb:77.
Please contact your system administrator.
Add correct host key in /home/fan3838/.ssh/known_hosts to get rid of this message.
Offending key in /home/fan3838/.ssh/known_hosts:68
RSA host key for ha203 has changed and you have requested strict checking.
Host key verification failed.
[fan3838@fan3838 pingshu]$
|
遇到这种现象,我只能手工删除~/.ssh/known_hosts里面对应的一行,然后重新登录。我在网上搜过,也没有什么好办法,也许是我没有找到,因为这个问题我想所有用linux的应该都经常遇到。在window上用ssh secure shell工具登录,如果host key有更新,会提问是否更新,显然还是很智能的。
在linux上面怎么办呢?首先想到的是找ssh的参数和配置文件,最终无果。后来想自己写脚本来实现。最终脚本如下:
#!/bin/bash
#2007-07-31 by fan3838
declare -a run
declare -a file
if [ $# -lt 1 ];then
echo "Usage: $0 "
echo "eg: $0 root@172.16.81.191"
exit 1
fi
/usr/bin/ssh $1
if [ "$?" = 255 ];then
/usr/bin/ssh $1 &>/tmp/ssh.txt
dos2unix /tmp/ssh.txt
run=`grep "known_hosts:" /tmp/ssh.txt| awk '{print $4}' | awk -F: '{print $2}'`
file=`grep "known_hosts:" /tmp/ssh.txt| awk '{print $4}' | awk -F: '{print $1}'`
# Delete the key from the known_hosts file
echo $run
echo $file
# if you want to use vi in a shell scripts
# the lines of vi and so on must be the first word of that line
#vi `grep "known_hosts:" /tmp/ssh.txt| awk '{print $4}' | awk -F: '{print $1}'` +$running <<EOF
#dd
#:wq
#EOF
echo "^^^^^^^^^^^^^^^^^^^^^"
sed "$run d" $file >/tmp/known_hosts.txt
/bin/mv -f /tmp/known_hosts.txt $file
/bin/rm -f /tmp/known_hosts.txt
/bin/rm -f /tmp/ssh.txt
echo "_____________________"
# ssh again
/usr/bin/ssh $1
fi
|
脚本简单易懂,说两点我遇到的问题:
1、最开始我想用vi来打开known_hosts的第$run行,shell调用vi我以前用过,但是今天一用怎么都有问题,当时的vi部分是这么写的
if [ "$?" != 0 ];then
.............................省略掉..................
vi `grep "known_hosts:" /tmp/ssh.txt| awk '{print $4}' | awk -F: '{print $1}'` +$running <<EOF dd :wq EOF
# ssh again
/usr/bin/ssh $1
fi
|
当时为了格式清晰,所以vi和下面三行前面都有个
,但是这样怎么测试怎么说我的if语句没有结束,那时候的确vi后面所有行都是红色的,明显有问题,但是问题又不知道在哪。
我非常郁闷,找到以前写的shell调用vi的脚本,发现那些脚本起码颜色是正常的,if和fi对应的橙色,<,必须是顶头才行。所以我在shell里面解释了一下(当然翻译有点问题是在所难免的)
# if you want to use vi in a shell scripts
# the lines of vi and so on must be the first word of that line
|
2、后来发现vi总有些问题,决定用sed,但是测试”sed "$run d" $file“的时候,也是问题不断,怎么看这句应该是正确的,在命令行也验证(run=6)绝对没错,但是在脚本里面就老提示:
^^^^^^^^^^^^^^^^^^^^^ 'ed:-e 表达式 #1,字符 3:unknown command: ` _____________________
|
我是怎么想都想不通哪里有问题!按理说,命令行没问题,那么在脚本里面就不应该有问题啊。后来把相关几句提取出来,放到一个新的脚本里面,并且打开命令提示(#!/bin/bash -x),一执行,发现问题了
[root@lvs191 ~]# ./123.sh
++ grep known_hosts: /tmp/ssh.txt
++ awk -F: '{print $2}'
++ awk '{print $4}'
+ run=$'6\r' <这有问题>
++ grep known_hosts: /tmp/ssh.txt
++ awk '{print $4}'
++ awk -F: '{print $1}'
+ file=/root/.ssh/known_hosts <这就没问题>
+ echo $'6\r' <这有问题>
6
+ echo /root/.ssh/known_hosts
<这就没问题>
/root/.ssh/known_hosts
+ echo '^^^^^^^^^^^^^^^^^^^^^'
^^^^^^^^^^^^^^^^^^^^^
d' /root/.ssh/known_hosts
'ed:-e 表达式 #1,字符 3:unknown command: `
[root@lvs191 ~]#
|
我立马想到问题处在了/tmp/ssh.txt里面了,里面有控制字符,一看,果然如此:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@^M
@ WARNING: REMOTE HOST IDENTIFICATION HAS @^M
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@^M
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!^M
Someone could be eavesdropping on you right now (man-in-the-middle attack)!^M
It is also possible that the RSA host key has just been changed.^M
The fingerprint for the RSA key sent by the remote host is
76:fb:b3:70:14:48:19:d6:29:f9:ba:42:46:be:fb:77.^M
Please contact your system administrator.^M
Add correct host key in /root/.ssh/known_hosts to get rid of this message.^M
Offending key in /root/.ssh/known_hosts:6^M
RSA host key for 172.16.81.203 has changed and you have requested strict checking.^M
Host key verification failed.^M
|
我知道刚才vi总有问题,肯定也在这呢。怎么就没有注意呢?看来所有的结果都是有原因引起的。追根寻源才是解决问题的根本。
加了个dos2unix解决掉/tmp/ssh.txt。
改$PATH为PATH=$HOME/bin:$PATH。将脚本命名为ssh,放到$HOME/bin。搞定。
阅读(3355) | 评论(1) | 转发(1) |