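Login to coreos_production_vmware_insecure uses a publicly available SSH key. Anyone who has downloaded the same zip file can log in with that same SSH key, which is very dangerous. This section explains how to delete this insecure SSH key and replace it with the user's own secure SSH key. Ubuntu Linux is used as the SSH client for the demonstration.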
ls ~/.ssh -al
The file id_rsa.pub must be present.
update-ssh-keys
is used to add your own secure SSH key to the list of SSH keys the CoreOS host allows. If the CoreOS IP address is 192.168.1.109, enter:
cat ~/.ssh/id_rsa.pub | ssh co[email protected] -i insecure_ssh_key update-ssh-keys -a safeuser
insecure_ssh_key.
Enter: ssh [email protected]
update-ssh-keys -D coreos-cloudinit
is all that is needed.
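To confirm that the delete step really removed the public key, the check below compares key blobs between an authorized_keys file and the insecure public key. It is an added example, not part of the original page or of CoreOS; both file paths are arguments supplied by the reader, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: is a known-insecure public key still authorized?
# Assumption: $1 is an authorized_keys file copied from the host,
#             $2 is the insecure key in .pub (one-line) format.

# Print the base64 blob of every key line in a file. authorized_keys
# lines may start with options (no-pty,command="..."), so find the
# key-type field and take the field that follows it.
key_blobs() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)$/) {
                    print $(i + 1)
                    break
                }
        }' "$1"
}

# Return 0 if any key from the insecure .pub file is present in the
# authorized_keys file, 1 if none is. The comment field (for example
# "coreos-cloudinit" or "safeuser") is ignored: only key material counts.
insecure_key_present() {
    auth_file=$1
    insecure_pub=$2
    for blob in $(key_blobs "$insecure_pub"); do
        if key_blobs "$auth_file" | grep -qxF -- "$blob"; then
            return 0
        fi
    done
    return 1
}

# When run directly: script AUTHORIZED_KEYS INSECURE_PUB
if [ "$#" -eq 2 ]; then
    if insecure_key_present "$1" "$2"; then
        echo "INSECURE key is still authorized in $1"
        exit 2
    fi
    echo "OK: insecure key not found in $1"
fi
```

If only the private insecure_ssh_key file is at hand, `ssh-keygen -y -f insecure_ssh_key` prints the matching public key line to compare against.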
joshhu@ubuntu:~$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
5e:a8:6e:7f:36:21:8c:1d:24:c7:37:0d:df:96:44:ae.
Please contact your system administrator.
Add correct host key in /home/joshhu/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/joshhu/.ssh/known_hosts:1
remove with: ssh-keygen -f "/home/joshhu/.ssh/known_hosts" -R 192.168.1.109
ED25519 host key for 192.168.1.109 has changed and you have requested strict checking.
Host key verification failed.
At this point, just enter ssh-keygen -f "/home/joshhu/.ssh/known_hosts" -R 192.168.1.109
to remove the outdated host key entry so that the SSH key is updated, and you can log in normally.