SSH 호스트 키 확인 실패(Host key verification failed)

SSH 호스트 키 확인 실패(Host key verification failed)

$ ssh-copy-id vagrant@172.17.0.3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/vagrant/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: 
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:xBnX3I1V6IwzUqHzUz99E7r37CoOVmwPJDI/0/H1xmg.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /home/vagrant/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /home/vagrant/.ssh/known_hosts:82
ERROR: ECDSA host key for 172.17.0.3 has changed and you have requested strict checking.
ERROR: Host key verification failed.

이러한 오류는 보안상의 이유로 SSH 호스트의 신원을 확인하는 데 사용되는 호스트 키가 변경되었음을 나타냅니다. 이는 해당 호스트에서 기존에 사용한 SSH 키와 다른 키가 사용되고 있다는 것을 의미합니다.

 

해결 방법 중 하나는 /home/vagrant/.ssh/known_hosts 파일에서 해당 호스트에 대한 기존의 키를 제거하는 것입니다

 

해당 호스트에 대한 known_hosts 파일에서 기존의 키를 제거하는 명령어

ssh-keygen -R 172.17.0.3

또는

ssh-keygen -f "~/.ssh/known_hosts" -R "172.17.0.3"

$ ssh-keygen -f "~/.ssh/known_hosts" -R "172.17.0.3"
# Host 172.17.0.3 found: line 82
/home/vagrant/.ssh/known_hosts updated.

해당 호스트에 대한 기존 키를 제거하고 다시 연결 시 새로운 호스트 키를 수락하도록 합니다.

 

ssh-copy-id 명령어를 사용하여 새로운 키를 known_hosts 파일에 추가

 ssh-copy-id vagrant@172.17.0.3

$ ssh-copy-id vagrant@172.17.0.3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/vagrant/.ssh/id_rsa.pub"
The authenticity of host '172.17.0.3 (172.17.0.3)' can't be established.
ECDSA key fingerprint is SHA256:xBnX3I1V6IwzUqHzUz99E7r37CoOVmwPJDI/0/H1xmg.
ECDSA key fingerprint is MD5:f9:c4:0b:5d:59:3e:d6:49:d9:bc:1b:37:71:e1:6b:7d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@172.17.0.3's password: 
Permission denied, please try again.
vagrant@172.17.0.3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'vagrant@172.17.0.3'"
and check to make sure that only the key(s) you wanted were added.