PVE 在 noVNC 出現無法連線到伺服器的解法

今天打開 PVE 發現沒有辦法連上 noVNC 上方出現 無法連線到伺服器,不過測試了一下發現它自己的節點是正常的,所以由此可知伺服器是正常的,所以要解決的只有無法 VNC 的問題。

然後看了一下下方的 LOG 有顯示錯誤是 Host key verification failed. 所以看起來問題就是 key 檔案了。

解決方法

在不可以連上機器 noVNC 的那台主機上使用以下指令

  • server-b-name:伺服器 B 的名稱
  • server-b-ip-address:伺服器 B 的 IP 位置
/usr/bin/ssh -e none -o 'HostKeyAlias=server-b-name' [email protected] /bin/true

所以像是我自己的

  • 伺服器名稱:pve002
  • IP 位置:192.168.10.12

就使用以下

/usr/bin/ssh -e none -o 'HostKeyAlias=pve002' [email protected] /bin/true

例外狀況

直接連線可能會出現 WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! 的問題,這邊只要依照它的建議使用指令 ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve002" 就可以了

[email protected]:~# /usr/bin/ssh -e none -o 'HostKeyAlias=pve002' [email protected] /bin/true
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:2222Gacr34i4P9Qk1F+MfMCzFsY1X01xd4F4rfc60iU.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:9
  remove with:
  ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve002"
RSA host key for pve002 has changed and you have requested strict checking.
Host key verification failed.

再連線一次就正常了

[email protected]:~# ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve002"
# Host pve002 found: line 9
/etc/ssh/ssh_known_hosts updated.
Original contents retained as /etc/ssh/ssh_known_hosts.old
[email protected]:~# /usr/bin/ssh -e none -o 'HostKeyAlias=pve002' [email protected] /bin/true
The authenticity of host 'pve002 (192.168.10.12)' can't be established.
ECDSA key fingerprint is SHA256:O001Hhcb/FausYPjHpsyA/Mc4A+2/JiCGndgK9e9Vu4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'pve002' (ECDSA) to the list of known hosts.