我在PHPStorm中使用subversion,当我尝试连接到SVN服务器时,我收到以下错误...
无法建立主机svn + ssh://svn.example.com:22的真实性。 ssh-rsa密钥指纹是
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
您确定要继续连接吗?
问题是指纹与服务器的指纹不匹配。 如果我从〜/ .ssh / known_hosts文件中删除服务器,然后ssh到它显示一个完全不同的指纹 - 这是该服务器的正确指纹。
我刚刚将SVN存储库移动到新服务器,并将DNS更改为指向新服务器,因此我期待PHPStorm抱怨指纹不匹配,但我很惊讶它没有显示新服务器的正确指纹。 指纹与旧服务器或PHPStorm连接的任何其他服务器都不匹配。 在我明白发生了什么之前,我很担心让它连接起来。
PHPStorm正确连接到新服务器,所以我看不出它是如何得到错误的指纹,而且我看到一个真正的人在中间攻击似乎不太可能,因为每当我从它看到的命令行ssh正确的指纹。
我不确定PHPStorm在哪里缓存服务器指纹。 我已经尝试使缓存无效,看看是否会让它忘记任何过时的指纹数据,但这似乎不太可能,因为报告的指纹与旧服务器或新服务器不匹配。
我得出结论这是PHPStorm中的一个错误,但任何其他想法都会非常受欢迎。
编辑:
PHPStorm显示20字节指纹。 在服务器上运行(debian)
ssh-keygen -l -f / etc / ssh / ssh_host_rsa_key
显示16字节指纹,因此无法匹配。 有没有办法从服务器的公钥获取20字节的指纹?
I'm using subversion from within PHPStorm, and I'm getting the following error when I try to connect to the SVN server...
The authenticity of host svn+ssh://svn.example.com:22 can't be established. ssh-rsa key fingerprint is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Are you sure you want to continue connecting?
The problem is that the fingerprint doesn't match the fingerprint for the server. If I remove the server from my ~/.ssh/known_hosts file and then ssh to it displays an entirely different fingerprint - which is the correct one for that server.
I have just moved the SVN repository to a new server, and changed DNS to point to the new server, so I was expecting PHPStorm to complain about a mismatching fingerprint, but I'm surprised that it's not showing the correct fingerprint for the new server. The fingerprint doesn't match the old server either, or any other server PHPStorm has ever connected to. I'm wary of letting it connect until I understand what's going on.
PHPStorm is correctly connecting to the new server, so I don't see how it can be getting the wrong fingerprint, and it seems unlikely that I'm seeing an actual man in the middle attack since whenever I ssh from the command line it sees the correct fingerprint.
I'm not sure where PHPStorm caches server fingerprints. I've tried invalidating caches to see if that would make it forget any outdated fingerprint data, but that seems unlikely given the reported fingerprint doesn't match the old or new servers.
I'm coming to the conclusion this is a bug in PHPStorm, but any other thoughts would be very welcome.
EDIT:
PHPStorm is showing a 20 byte fingerprint. Running this on the server (debian)
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
displays a 16 byte fingerprint, so they couldn't possibly match. Is there a way of getting a 20 byte fingerprint from the server's public key?
最满意答案
事实证明,160位(20字节)散列PHPStorm显示的是SHA1散列,而ssh-keygen显示的是128位(16字节)MD5散列。
两者都没有非常明确,所以我只是拼凑一个快速脚本来显示公钥的各种哈希值(假设您的公钥在/etc/ssh/ssh_host_rsa_key.pub中)
#!/usr/bin/python import binascii import hashlib keyfile = "/etc/ssh/ssh_host_rsa_key.pub" def showHash(type, hash, data): hash.update(data) hex=hash.hexdigest() hexbytes=[hex[i:i+2] for i in range(0, len(hex), 2)] hexstring=":".join(hexbytes) print type+" "+hexstring f = open(keyfile) words = f.readline().split() data=words[1] bindata=binascii.a2b_base64(data) showHash("md5", hashlib.md5(), bindata) showHash("sha1", hashlib.sha1(), bindata) showHash("sha256", hashlib.sha256(), bindata)事实证明,PHPStorm正在使用SHA1哈希,并且非常正确。 但是,如果您可以选择在ssh-keygen(我相信您可以在sh-keygen-g3中)或PHPStorm中使用哪个哈希函数,将会很有帮助。
So it turns out that the 160bit (20 byte) hash PHPStorm displays is a SHA1 hash, whereas ssh-keygen is showing a 128bit (16 byte) MD5 hash.
Neither are very explicit about that, so I've just thrown together a quick script to show various hashes of a public key (assuming your public key is in /etc/ssh/ssh_host_rsa_key.pub
#!/usr/bin/python import binascii import hashlib keyfile = "/etc/ssh/ssh_host_rsa_key.pub" def showHash(type, hash, data): hash.update(data) hex=hash.hexdigest() hexbytes=[hex[i:i+2] for i in range(0, len(hex), 2)] hexstring=":".join(hexbytes) print type+" "+hexstring f = open(keyfile) words = f.readline().split() data=words[1] bindata=binascii.a2b_base64(data) showHash("md5", hashlib.md5(), bindata) showHash("sha1", hashlib.sha1(), bindata) showHash("sha256", hashlib.sha256(), bindata)Turns out that PHPStorm is using the SHA1 hash, and is quite correct. But it would be helpful if you could select which hash function to use in either ssh-keygen (which I believe you can in sh-keygen-g3) or in PHPStorm.
更多推荐
发布评论