当前位置: 文江博客话题详情

Git 说“警告:永久添加到已知主机列表”

发布于 2025-01-06 07:30:55 字数 147 浏览 1 评论 0原文

每次我使用 git 与远程交互时,例如拉或推时,都会显示以下消息:

警告:已将“...”(RSA) 永久添加到已知主机列表中。

如何防止显示这条烦人的消息?这只是一个烦恼——一切都运转正常。

原文

Every time I use git to interact with a remote, such as when pulling or pushing, I am shown the following message:

Warning: Permanently added '...' (RSA) to the list of known hosts.

How can I prevent this annoying message from displaying? It is only an annoyance—everything functions properly.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(15

夜吻♂芭芘 2025-01-13 07:30:55

创建一个 ~/.ssh/config 文件并插入以下行:

UserKnownHostsFile ~/.ssh/known_hosts

下次访问 Github 时您将看到该消息,但之后您将不再看到它,因为主机已添加到known_hosts 文件。这解决了问题,而不仅仅是隐藏日志消息。

这个问题困扰了我很长一段时间。出现此问题的原因是针对 Windows 编译的 OpenSSH 客户端未检查 ~/.ssh/known_hosts 中的known_hosts 文件

ssh -vvv [电子邮件受保护]

debug3: check_host_in_hostfile: filename /dev/null
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /dev/null
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts.

Create a ~/.ssh/config file and insert the line:

UserKnownHostsFile ~/.ssh/known_hosts

You will then see the message the next time you access Github, but after that you'll not see it anymore because the host is added to the known_hosts file. This fixes the issue, rather than just hiding the log message.

This problem was bugging me for quite some time. The problem occurs because the OpenSSH client compiled for Windows doesn't check the known_hosts file in ~/.ssh/known_hosts

ssh -vvv [email protected]

debug3: check_host_in_hostfile: filename /dev/null
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /dev/null
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts.
回复 原文
染柒℉ 2025-01-13 07:30:55

将以下行添加到您的 ssh 配置文件 ($HOME/.ssh/config):

LogLevel=quiet

如果从命令行运行 ssh,请将以下选项添加到命令字符串:

-o LogLevel=quiet

例如,以下内容打印出 machine.example 上安装的 gcc 版本.org(并且没有警告):

ssh -o UserKnownHostsFile=/dev/null \
    -o StrictHostKeyChecking=no \
    -o LogLevel=quiet \
    -i identity_file \
    machine.example.org \
    gcc -dumpversion

Add the following line to your ssh config file ($HOME/.ssh/config):

LogLevel=quiet

If running ssh from the command line add the following option to the command string:

-o LogLevel=quiet

For example, the following prints out the gcc version installed on machine.example.org (and no warning):

ssh -o UserKnownHostsFile=/dev/null \
    -o StrictHostKeyChecking=no \
    -o LogLevel=quiet \
    -i identity_file \
    machine.example.org \
    gcc -dumpversion
回复 原文
携余温的黄昏 2025-01-13 07:30:55

~/.ssh/config 文件中将 LogLevel 设置为 ERROR(而不是 QUIET)以避免看到这些错误:

Host *
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
   LogLevel ERROR

Set LogLevel to ERROR (not QUIET) in ~/.ssh/config file to avoid seeing these errors:

Host *
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
   LogLevel ERROR
回复 原文
最单纯的乌龟 2025-01-13 07:30:55

该消息来自 SSH,它警告您正在连接到以前从未连接过的主机。我不建议将其关闭,因为这意味着您可能会错过有关主机密钥更改的警告,这可能表明您的 SSH 会话受到 MITM 攻击。

That message is from SSH, which is warning you that you are connecting to a host which you've never connected to before. I wouldn't recommend turning it off, since it would mean that you might miss a warning about a host key changing, which can indicate a MITM attack on your SSH session.

回复 原文
冬天旳寂寞 2025-01-13 07:30:55

要抑制 ssh 的警告消息,您可以将以下行添加到 ~/.ssh/config 中:

Host *
LogLevel error

这将禁用警告,但不会禁用错误消息。与 ~/.ssh/config 中的其他设置一样,如果您想要更细粒度的控制,您可以在每个主机的基础上配置 LogLevel

To suppress warning messages for ssh you can add the following lines to ~/.ssh/config:

Host *
LogLevel error

That will disable warnings but not error messages. Like the other settings in ~/.ssh/config you can configure the LogLevel on a per-host basis if you want a more finegrained control.

回复 原文
染墨丶若流云 2025-01-13 07:30:55

这主要意味着该主机~/.ssh/known_hosts的密钥发生了变化,并且不会自动更新它。因此,每次您收到此警告消息时。

这种情况经常发生在连接到重新创建的虚拟机时,它会更改具有相同 IP 地址的密钥

解决方案

如果您只有一个条目,那么您可以删除 ~/.ssh /known_hosts 文件,并且在第一次连接后,密钥将在那里,并且此后不会出现警告消息。

如果您有多个条目,那么您可以使用下面的命令来删除

$ ssh-keygen -R <hostname>

它对我来说效果很好

It mainly means there are changes for the key for that host ~/.ssh/known_hosts, and it will not automatically UPDATE it. Therefore every time you get this warning message.

This happens often for the connecting to the re-created virtual machines, which changes the key with the same IP address

Solution

If you only have one entry, then you can delete the ~/.ssh/known_hosts file, and after first connection, that the key will be there, and no warning messages after that.

If you have multiple entries, then you can use command below to remove

$ ssh-keygen -R <hostname>

It works fine for me

回复 原文
茶底世界 2025-01-13 07:30:55

添加 ssh 密钥

ssh-keygen -t rsa -b 4096 -C "[email protected]"

eval "$(ssh-agent -s)"

ssh-add ~/.ssh/bitbucket_rsa

箱配置文件

crate ~/.ssh/config

添加以下行。

UserKnownHostsFile ~/.ssh/known_hosts

然后添加公钥并克隆您的存储库...完成......

Add ssh key

ssh-keygen -t rsa -b 4096 -C "[email protected]"

eval "$(ssh-agent -s)"

ssh-add ~/.ssh/bitbucket_rsa

crate config file

crate ~/.ssh/config

add below line.

UserKnownHostsFile ~/.ssh/known_hosts

Then add pub key and clone your repository... Done.....

回复 原文
尐偏执 2025-01-13 07:30:55

将您的私钥添加到 ssh-agent 中:

ssh-add ~/.ssh/id_rsa

add your private key to the ssh-agent with:

ssh-add ~/.ssh/id_rsa
回复 原文
单身狗的梦 2025-01-13 07:30:55

如果您使用的是 GitHub 中的存储库,请考虑使用 URL 的 HTTPS 版本,以完全避免此问题:

单击 HTTP 按钮并克隆该 URL

如果您从 Windows GitHub 应用程序中克隆存储库,这就是它用于远程 URL 的内容。也许他们知道一些我们不知道的事情。

If you are using a repository from GitHub, consider using the HTTPS version of the URL instead, to sidestep this problem entirely:

Click the HTTP button and clone that URL instead

If you clone your repository from within the Windows GitHub application, this is what it uses for the remote URL. Maybe they know something we don't know.

回复 原文
欲拥i 2025-01-13 07:30:55

当我开始使用 Windows 机器时,我遇到了同样的问题。就我而言,这是因为我的 SSH 设置尚未完成。 Github 有关于 SSH 设置的非常精确的文档。一旦解决了这个问题,问题就解决了。

https://help.github.com/articles/checking-for -现有-ssh-密钥/
https ://help.github.com/articles/generate-a-new-ssh-key-and-adding-it-to-the-ssh-agent/

I got into the same issue when I started using a Windows machine. In my case it was because my SSH setup was not done. Github has a very precise documentation on the SSH setup. Once that's taken care, the issue was resolved.

https://help.github.com/articles/checking-for-existing-ssh-keys/
https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/

回复 原文
自在安然 2025-01-13 07:30:55

就我而言,这是因为设置服务器的管理员在 ~/.ssh/config 中设置了这些选项,

StrictHostKeyChecking no
UserKnownHostsFile /dev/null

在大多数情况下,不使用 ~/.ssh/known_hosts 效果很好。 文件。但对于企业版gitlab仓库,每次都会给出“警告:永久添加......到已知主机列表”。

我的解决方案是注释掉 UserKnownHostsFile /dev/null 行,这允许创建 ~/.ssh/known_hosts。之后就没有再发出任何警告。

您的 known_hosts 中可能还存在旧的/无效的条目。

# find entry in ~/.ssh/known_hosts
ssh-keygen -F <hostname>

# delete entry in ~/.ssh/known_hosts
ssh-keygen -R <hostname>

In my case, it was because the admin who set up the server set these options in ~/.ssh/config

StrictHostKeyChecking no
UserKnownHostsFile /dev/null

Which worked fine for most cases by not using the ~/.ssh/known_hosts file. But for the enterprise gitlab repo, every time it gave the "Warning: Permanently added ... to the list of known hosts."

My solution was to comment out the UserKnownHostsFile /dev/null line, which allowed the creation of ~/.ssh/known_hosts. Then it didn't give any more warnings after that.

You might also have a old/invalid entries in your known_hosts.

# find entry in ~/.ssh/known_hosts
ssh-keygen -F <hostname>

# delete entry in ~/.ssh/known_hosts
ssh-keygen -R <hostname>
回复 原文
能怎样 2025-01-13 07:30:55

就我而言,我仅在使用 Gridengine qrsh 远程 shell 登录时收到 ssh 警告。而普通的 ssh 会按预期工作(第一次发出警告,然后随后安静)。

我的解决方案是手动填写 Gridengine 可以选择的所有可能的服务器名称(使用 qhost 列出服务器):

for p in server1 server2 server3 server4; do
  ssh-keyscan -H ${p}.company.com;
  ssh-keyscan -H $(getent hosts $p | perl -lane 'print $F[0]');
done >> ~/.ssh/known_hosts

背景:

Gridengine 是一个作业调度程序可以使用 ssh 选择负载最少的服务器。发出警告的原因是 qrsh 似乎总是指定一个非标准端口来进行 ssh 连接,导致 known_hosts 使用也包含端口号的条目进行更新。下次当 qrsh 选择同一服务器时,将会有一个新的端口号,并且 known_hosts 将使用新的特定于端口的条目进行更新。还添加原始主机 IP 地址的原因是某些主机使用了 ecdsa-sha2-nistp521。如果未添加原始 IP 条目,我会收到警告:

ECDSA host key for IP address '10.1.2.3' not in list of known hosts.

I my case I only got the ssh warning when using Gridengine qrsh remote shell login. Whereas a normal ssh would work as expected (warning first time, then quiet subsequent times).

My solution was to manually fill ~/.ssh/known_hosts with all the possible server names that Gridengine could choose (use qhost to list the servers):

for p in server1 server2 server3 server4; do
  ssh-keyscan -H ${p}.company.com;
  ssh-keyscan -H $(getent hosts $p | perl -lane 'print $F[0]');
done >> ~/.ssh/known_hosts

Background:

Gridengine is a job scheduler which can use ssh to select the least loaded server. The reason for the warning is that qrsh seem to always specify a non-standard port for doing the ssh connection, causing known_hosts to be updated with an entry also containing a port number. Next time when qrsh selects the same server there would be a new port-number and known_hosts would get updated with a new port-specific entry. The reason for also adding the raw host IP address is that some hosts used ecdsa-sha2-nistp521. If a raw IP entry is not added I would get the warning:

ECDSA host key for IP address '10.1.2.3' not in list of known hosts.
回复 原文
眼中杀气 2025-01-13 07:30:55

我在 Linux/Cent OS VM 中遇到了同样的错误,这是因为重启后 IP 发生了变化。为了解决这个问题,我在网络中定义了一个静态 IP 并将该条目添加到 /etc/hosts 文件中。对于静态 IP,请提及稍高的范围值。例如,如果您当前的 IP (ipconfig/ifconfig) 是 192.168.0.102,下次重新启动后可能会变为 192.168.0.103。因此,在 IPV4 设置中将静态 IP 定义为 192.168.0.181 即可。

I had faced the same error in Linux/Cent OS VM and it was because the IP was changing after restart. In order to get around this problem, I defined a static IP in the network and added that entry to /etc/hosts file. For static IP mention a slightly higher range value. For example if your current IP (ipconfig/ifconfig) is 192.168.0.102, next time after restart this may become 192.168.0.103. So define your static IP in IPV4 settings as 192.168.0.181 which should do the trick.

回复 原文
情域 2025-01-13 07:30:55

你只需要这个命令。

如果是,请使用 GitHub:

ssh -T [email protected]

如果您使用 GitLab:

ssh -T [email protected]

you just need this command.

If it is, use GitHub:

ssh -T [email protected]

If you use GitLab:

ssh -T [email protected]
回复 原文
嘦怹 2025-01-13 07:30:55

据我所知,对于您提到的问题没有干净的解决方案。
之前建议的 /dev/null 重定向仍然会显示警告,它只是通过将输出重定向到 /dev/null 来禁用存储远程密钥的安全功能。
所以 ssh 仍然会认为它写了一些实际上被丢弃的东西。

据我所知,唯一的选择是捕获消息并将其从标准输出中删除。

ssh/scp..... 2>&1 | grep -v "^Warning: Permanently added"

这是一个完整的示例,您可以将其用作包装器来隐藏此类警告:

#!/bin/bash
remove="^Warning: Permanently added" # message to remove from output

cmd=${0##*/}

case $cmd in
 ssh)
  binary=/usr/bin/ssh
 ;;
 *)
  echo "unsupported binary ($0)"
  exit
 ;;
esac
$binary "$@" 2>&1 | grep -v "$remove"

要安装它,您所需要做的就是添加/修改您要修改的实际命令的“case”语句。 (ssh、scp、git 等)。
“ssh)”表示脚本必须命名为“ssh”(或者脚本的链接名为 ssh)。
binary=/full/path 是脚本应包装的二进制文件的路径。
然后将具有您选择的名称的脚本放入 /bin 或其他位置。

该脚本还可以在 $binary 变量中使用 -o "UserKnownHostsFile=/dev/null" ,这比将此类安全风险放入全局 ssh 配置中要好得多。影响您所有的 ssh 会话,而不仅仅是那些您想要抑制消息的会话。

缺点:
这是一个有点开销,不是一个完全干净的解决方案,并将 stderr 移到 stdout 中,这可能并不在所有情况下都很好。
但它将消除您不希望看到的任何类型的警告消息,并且您可以使用单个脚本来包装您想要的所有二进制文件(通过使用指向它的文件系统链接)

There is no clean solution for the problem you noted as far as I am aware.
The previously suggested /dev/null redirection will still display the warning, it just disables the security feature of storing the remote keys by redirecting the output into /dev/null.
So ssh would still think it writes something which is actually discarded.

As I know the only option is to catch the message and remove it from stdout.

ssh/scp..... 2>&1 | grep -v "^Warning: Permanently added"

Here is a complete example that you can use as wrapper to hide such warnings:

#!/bin/bash
remove="^Warning: Permanently added" # message to remove from output

cmd=${0##*/}

case $cmd in
 ssh)
  binary=/usr/bin/ssh
 ;;
 *)
  echo "unsupported binary ($0)"
  exit
 ;;
esac
$binary "$@" 2>&1 | grep -v "$remove"

To install it all you need to do is add/modify the "case" statement for the actual command you wish to modify. (ssh, scp, git etc).
the "ssh)" means the script has to be named "ssh" (or a link to the script is named ssh).
The binary=/full/path is the path to the binary the script should wrap.
Then put the script with a name of your choice into /bin or somewhere else.

The script also the place where you can use a -o "UserKnownHostsFile=/dev/null" to the $binary variable, that's a lot better than putting such a security risk into the global ssh configuration which will affect all your ssh sessions and not just those you want to supress the message.

Disadvantages:
It's a bit overhead, not a perfectly clean solution and moves stderr into stdout which might not be good in all cases.
But it will get rid of any sort of warning messages you don't wish to see and you can use a single script to wrap all binaries you want (by using filesystem links to it)

回复 原文
~没有更多了~

关于作者

巴黎盛开的樱花

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

微信用户

文章 0 评论 0

小情绪

文章 0 评论 0

追我者格杀勿论

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

笨死的猪

文章 0 评论 0

彭明超

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文