Ssh
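Fabric used to be able to use ssh-keys, but now it can't
My SSH keys are set up correctly, and I can ssh into the remote machine without a password.
However, up until a few hours ago my Fabric deployment script was able to authenticate automatically; now it starts asking for my private key passphrase whenever I try to deploy to the remote machine.
Even when I enter my passphrase, it doesn't seem to care whether I provided the correct one, and it prompts for the system login as if I had no SSH key at all.
Keep in mind that I am a developer, not a systems engineer, and I am not familiar with how Fabric works. There is a high chance that I am missing something obvious. Any solution, or even a pointer on where to look, would be greatly appreciated.
Here is the proof script that I derived from the real deployment script: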
#!/usr/bin/env python2
import sys
from fabric.api import *
from fabric.network import ssh

ssh.util.log_to_file("paramiko.log", 10)

@hosts(['host-ip-address'])
def boot():
    env.use_ssh_config = True
    env.user = 'userlogin'
    env.key_filename = ['~/.ssh/some-public-key.pem']
    env.gateway = 'user@gateway.com'
    execute(a)

def a():
    run('ls')

boot()
Here are the log messages from paramiko:
DEB [20141007-19:22:50.804] thr=1 paramiko.transport: starting thread (client mode): 0xfe2790L
INF [20141007-19:22:50.847] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_6.2)
DEB [20141007-19:22:50.856] thr=1 paramiko.transport: kex algos:[u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEB [20141007-19:22:50.856] thr=1 paramiko.transport: Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEB [20141007-19:22:50.856] thr=1 paramiko.transport: using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEB [20141007-19:22:50.903] thr=1 paramiko.transport: Switch to new keys ...
DEB [20141007-19:22:50.907] thr=2 paramiko.transport: Trying key 3433922e6c7bef8672043fbfe07c22f3 from /Users/ganeshwara/.dme/sg-master.pem
DEB [20141007-19:22:50.954] thr=1 paramiko.transport: userauth is OK
INF [20141007-19:22:51.033] thr=1 paramiko.transport: Authentication (publickey) failed.
DEB [20141007-19:22:51.040] thr=2 paramiko.transport: Trying SSH agent key f8f4822cc3d40df79b9f7c79f219c42c
DEB [20141007-19:22:51.045] thr=1 paramiko.transport: userauth is OK
INF [20141007-19:22:51.061] thr=1 paramiko.transport: Authentication (publickey) failed.
DEB [20141007-19:22:51.704] thr=3 paramiko.transport: starting thread (client mode): 0xff0a10L
INF [20141007-19:22:51.723] thr=3 paramiko.transport: Connected (version 2.0, client OpenSSH_6.2)
DEB [20141007-19:22:51.728] thr=3 paramiko.transport: kex algos:[u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEB [20141007-19:22:51.728] thr=3 paramiko.transport: Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEB [20141007-19:22:51.728] thr=3 paramiko.transport: using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEB [20141007-19:22:51.799] thr=3 paramiko.transport: Switch to new keys ...
DEB [20141007-19:22:51.806] thr=2 paramiko.transport: Trying key 3433922e6c7bef8672043fbfe07c22f3 from /Users/ganeshwara/.dme/sg-master.pem
DEB [20141007-19:22:51.848] thr=3 paramiko.transport: userauth is OK
INF [20141007-19:22:51.932] thr=3 paramiko.transport: Authentication (publickey) failed.
DEB [20141007-19:22:51.938] thr=2 paramiko.transport: Trying SSH agent key f8f4822cc3d40df79b9f7c79f219c42c
DEB [20141007-19:22:51.943] thr=3 paramiko.transport: userauth is OK
INF [20141007-19:22:51.955] thr=3 paramiko.transport: Authentication (publickey) failed.
DEB [20141007-19:22:51.979] thr=3 paramiko.transport: userauth is OK
DEB [20141007-19:22:51.984] thr=3 paramiko.transport: Authentication type (password) not permitted.
DEB [20141007-19:22:51.985] thr=3 paramiko.transport: Allowed methods: [u'publickey']
DEB [20141007-19:22:52.717] thr=1 paramiko.transport: EOF in transport thread
DEB [20141007-19:22:52.794] thr=3 paramiko.transport: EOF in transport thread
Edit:
My ~/.ssh/config:
Host gateway
    HostName gateway.com
    User user
    Port 22
    IdentityFile ~/.ssh/some-public-key.pem

Host remote-machine
    HostName host-ip-address
    User userlogin
    IdentityFile ~/.ssh/remote-machine.pem
    ProxyCommand ssh gateway -W %h:%p
I would like to clarify that, on my local machine, I can indeed connect to the remote machine successfully like this:
# ssh remote-machine
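I found the problem.
I have to re-add all my keys, i.e.
ssh-add <path/to/key.pem>
if I restart my computer. This thread explains the required configuration so that you don't have to re-add the keys every time you restart the machine.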
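An added example, not part of the original question or answer: a small parser for the paramiko debug-log format shown above. It pairs each "Trying ... key" line with the authentication result that follows, showing which identities were offered (key file or agent) and which methods the server allows. The sample log lines, fingerprints and key path are constructed for the example; the function names are hypothetical.

```python
import re

# Constructed sample in the paramiko log_to_file format shown in the question
# (fingerprints and key path are made up for this example).
SAMPLE_LOG = """\
DEB [20141007-19:22:51.806] thr=2 paramiko.transport: Trying key 00112233445566778899aabbccddeeff from /home/dev/.ssh/deploy.pem
DEB [20141007-19:22:51.848] thr=3 paramiko.transport: userauth is OK
INF [20141007-19:22:51.932] thr=3 paramiko.transport: Authentication (publickey) failed.
DEB [20141007-19:22:51.938] thr=2 paramiko.transport: Trying SSH agent key ffeeddccbbaa99887766554433221100
DEB [20141007-19:22:51.943] thr=3 paramiko.transport: userauth is OK
INF [20141007-19:22:51.955] thr=3 paramiko.transport: Authentication (publickey) failed.
DEB [20141007-19:22:51.984] thr=3 paramiko.transport: Authentication type (password) not permitted.
DEB [20141007-19:22:51.985] thr=3 paramiko.transport: Allowed methods: [u'publickey']
"""

LINE = re.compile(r"^[A-Z]{3} \[[^\]]+\] thr=\d+\s+[\w.]+: (.*)$")
TRY_KEY = re.compile(r"^Trying (SSH agent )?key ([0-9a-f]{32})(?: from (.+))?$")
RESULT = re.compile(r"^Authentication \(([\w-]+)\) (failed|successful)")
ALLOWED = re.compile(r"^Allowed methods: \[(.*)\]$")

def parse_auth(log_text):
    """Return (attempts, allowed_methods); each key offer is paired with the next result line."""
    attempts, allowed, pending = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation of a long entry, or unrelated text
        msg = m.group(1)
        key, res, meth = TRY_KEY.match(msg), RESULT.match(msg), ALLOWED.match(msg)
        if key:
            pending = {"source": "agent" if key.group(1) else "file",
                       "fingerprint": key.group(2), "path": key.group(3)}
        elif res and pending:
            attempts.append(dict(pending, method=res.group(1), ok=res.group(2) == "successful"))
            pending = None
        elif meth:
            allowed = re.findall(r"u?'([^']+)'", meth.group(1))
    return attempts, allowed

def diagnose(log_text):
    """Summarise a failed key-only login; return None if any offered key was accepted."""
    attempts, allowed = parse_auth(log_text)
    if any(a["ok"] for a in attempts):
        return None
    return {"agent_keys_offered": sum(a["source"] == "agent" for a in attempts),
            "key_files_offered": [a["path"] for a in attempts if a["source"] == "file"],
            "password_fallback_possible": "password" in allowed,
            "hint": "no offered key was accepted; compare `ssh-add -l` with the key the host expects"}
```

Calling `diagnose(open("paramiko.log").read())` on the file written by `ssh.util.log_to_file` gives the same summary for a real run.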