ssh远程主机秘钥失效的解决方法

问题描述

A机器通过ssh-copy-id root@IP(B)添加了链接到B机器的ssh秘钥。但是某天，B机器的密码修改或者机器重装，此时，在A机器上再次ssh IP(B)会报类似如下错误：

Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:4
  remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R kube-001
ECDSA host key for kube-001 has changed and you have requested strict checking.
Host key verification failed.

此时无法ssh到B，如果重新使用以下命令：

ssh-copy-id root@IP(B)

会报错如下：

ssh-copy-id root@IP(B)
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

解决办法

ssh-keygen -R IP(B)

提示如下表示成功：

ssh-keygen -R IP(B)
# Host kube-002 found: line 4 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old