当前位置: 首页 > 面试题库 >

jenkins-无法SSH到远程服务器(密钥-权限被拒绝),但可以从cli运行

任文乐
2023-03-14
问题内容

我有Jenkins在我的本地计算机上运行,​​试图找出服务器上的远程ssh问题。我收到此拒绝权限错误,该错误指示密钥存在问题,但是从外壳上的同一用户帐户,我肯定可以连接。

Started by user anonymous
Building in workspace /Users/jgoodwin/jenkins/workspace/app
[postprocessor] $ /bin/sh -xe /var/folders/b0/h_wtmzss6cx11p6153y9h2cr0000gn/T/hudson4163212101874527747.sh
+ echo /Users/jgoodwin
/Users/jgoodwin
+ whoami
jgoodwin
+ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Finished: FAILURE

这是直接在shell上运行的:

Jasons-MacBook-Air:~ jgoodwin$ echo $HOME
/Users/jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ whoami
jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
success

我很沮丧-过去我曾在hudson上做过很多工作,而且我认为在进行此类工作时没有任何问题。该错误表明按键有问题,但是显然可以。

编辑:

根据请求的详细日志

OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ed:d4:92:3f:33:bd:dd:b9:eb:d1:b2:19:4c:f1:70:e9
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure

编辑:成功尝试添加8/15

OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 40:bf:b5:74:1c:5f:b6:93:00:4b:ca:1d:fc:0f:39:ec
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to hostname ([54.226.250.218]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
Last login: Thu Aug 15 13:09:32 2013 from 66.199.39.230

问题答案:

多种原因可能导致此行为,例如使用代理/钥匙串管理器进行密钥缓存等。

我建议使用-v参数比较2个输出:

ssh -v -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server

这将使您以更详细的方式比较正在发生的事情。如果仍然无法解决,请发布详细输出进行比较。

注意:您最多可以添加3个-v参数以提高详细程度。

更新时间

@JasonG从我看到的失败的详细信息是:

debug1:提供RSA公钥:/Users/jgoodwin/.ssh/id_rsa debug1:服务器接受密钥:pkalg ssh-rsa blen
279
debug1:key_parse_private_pem:PEM_read_PrivateKey调试失败:已读取PEM私钥已完成:键入debug1:read_passphrase:无法打开/
dev / tty:未配置设备


您的密钥似乎有一个密码短语,由于我们不在交互式外壳中,因此无法输入该密码短语。标准外壳程序的命令行可能会受益于Keycahin,它会为您“键入密码短语”。

如果您可以为成功的命令生成相同的详细程度,以便我们进行比较…



 类似资料:
  • 我正在尝试使用playbook更改密码,但未获得这样做的权限。 我正在运行命令: 致命:[主机1]:无法访问=

  • 我们有一个共同的LDAP帐户/用户。我们计划使用此用户为我们的团队配置 Jenkins。 < li >我使用我的登录名登录到机器/虚拟机并安装了Jenkins。 < li >然后,我仅从我的帐户生成ssh密钥,但我在生成ssh密钥时提供的电子邮件id是普通用户。 < li >然后我将公共ssh密钥添加到Github中(在GitHub中,我使用普通用户登录)。 < li >将私钥添加到Jenkins

  • 我尝试在3台机器上作为集群运行kafka,我已经在所有机器上配置了Zookeeper。现在我尝试在第一台机器上启动kafka服务器,使用 它给出的错误是 kafka安装在路径 /tmp/kafka/kafka_2.11-1.1.0/中,kafka日志在路径 /var/lib/kafka中。我已经以root用户身份登录。但我仍然收到这些错误。我检查了kafka目录bin中. sh文件的权限。所有这些

  • 问题内容: 很抱歉来到这里问这个问题,但是我已经读完了所有互联网,试图找到解决方案,但是我仍然遇到这个问题… 我已经成功安装了Jenkins(让我在仍有希望的时候开始)可以在我们的持续集成流程中使用它。 我试图从这样一个简单的例子开始: 但是每次启动时,都会出现此错误: 问题在于用户jenkins(服务和主节点以Jenkins的身份运行)拥有此存储库上的所有权限。我试图授予组和其他人读取和执行的权

  • 我需要发送一个pdf文件(从一个gpu输出和定位)在一个远程服务器到我的本地(mac)机器。我通过我的本地终端进行了尝试,每次尝试都收到错误。下面提供了终端文本输入和输出 1. 错误 虽然这个问题已经发布了几次之前,我已经尝试了建议的正确解决方案,仍然无法执行我的任务。本任务中的任何解决方案或方向都将受到高度赞赏。谢谢你

  • 我有一个centos EC2和Laravel应用程序。我还在同一个EC2实例上安装了MySQL。它工作得很好。 现在我决定将MYSQL迁移到AWS RDS(MYSQL Aurora)。我可以通过Heidi连接到AWS RDS并进行查询,没有问题。 然而,在Laravel中,它抛出异常。我更改了DB_HOST、DB_DATABASE、DB_USERNAMEDB_PASSWORD的. env文件凭据。