在gcp实例上使用Ansible连接到另一个实例错误

时间:2020-04-29 22:16:15

标签: ssh google-cloud-platform ansible

我有一个称为master-instance-node的服务器和一个名为slave-instance-node-1的服务器。在安装了Ansible的master-instance-node中,我修改了/ etc / ansible / hosts文件并添加了以下内容

[webservers]
slave-instance-node-1

然后我尝试以下命令

ansible webservers -a "w " -u USERNAME,但出现以下错误:

slave-instance-node-1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nThe ECDSA host key for slave-instance-node-1 has changed,\r\nand the key for the corresponding IP address XX.XXX.X.XX\r\nis unknown. This could either mean that\r\nDNS SPOOFING is happening or the IP address for the host\r\nand its host key have changed at the same time.\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\r\nPlease contact your system administrator.\r\nAdd correct host key in /home/USERNAME/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /home/USERNAME/.ssh/known_hosts:1\r\n  remove with:\r\n  ssh-keygen -f \"/home/USERNAME/.ssh/known_hosts\" -R \"slave-instance-node-1\"\r\nECDSA host key for slave-instance-node-1 has changed and you have requested strict checking.\r\nHost key verification failed.",
    "unreachable": true
}

我认为已知主机文件会在GCP中自动更新。该错误是什么意思,我该如何解决?

2 个答案:

答案 0 :(得分:0)

除了其他注释器之外,您还可以检查实例使用的IP。如果为外部IP配置了DNS,则您可能更希望使用静态外部IP,以避免实例重新启动后出现此错误。外部收件人是临时的,不仅可能在重新部署后出现问题,而且在重新启动后也可能出现此问题。您可能对此文档https://cloud.google.com/compute/docs/ip-addresses#externaladdresses

感兴趣

答案 1 :(得分:0)

感谢我的问题中的评论,我得以找到答案。首先,我必须使用命令remove with: ssh-keygen -f "/home/USERNAME/.ssh/known_hosts" -R "slave-instance-node-1".删除已知主机,还必须设置export ANSIBLE_HOST_KEY_CHECKING=false

然后,我必须将以下行添加到服务器名称/ ip ansible_user=USERNAME旁边的/ etc / ansible / hosts文件中。最后,我不得不在/etc/ansible/ansible.cfg文件private_key_file = /path/to/file

中添加以下行
相关问题
最新问题