【问题标题】:Fabric: paramiko using the wrong ssh keysFabric:paramiko 使用了错误的 ssh 密钥
【发布时间】:2018-01-25 08:15:18
【问题描述】:

Fabric 不断提示输入密码,而不是正确使用 ssh 密钥。如果我启用调试日志显示

[my.server.com] Executing task 'min_test_deploy'
[my.server.com] sudo: git pull origin master
DEBUG:paramiko.transport:starting thread (client mode): 0x1116510L
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.4.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2p2)
DEBUG:paramiko.transport:kex algos:[u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'] server key:[u'ssh-rsa', u'rsa-sha2-512', u'rsa-sha2-256', u'ecdsa-sha2-nistp256', u'ssh-ed25519'] client encrypt:[u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com'] server encrypt:[u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com'] client mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: ecdh-sha2-nistp256
DEBUG:paramiko.transport:HostKey agreed: ecdsa-sha2-nistp256
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying SSH agent key 884f51116337cf3a383d8bacaf28c3a7
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key 884f51116337cf3a383d8bacaf28c3a7 in /home/mylocaluser/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) failed.
[my.server.com] Login password for 'myremoteuser': 
Stopped.
DEBUG:paramiko.transport:EOF in transport thread

它会立即尝试 ssh 密钥 Trying SSH agent key 884f51116337cf3a383d8bacaf28c3a7" from "/home/mylocaluser/.ssh/id_rsa

我不确定这个指纹/ID 实际对应的是什么?因为对于那个键

   ssh-keygen -lf /home/mylocaluser/.ssh/id_rsa
2048 SHA256:R04myXp6cyNgH6NlZURRJnqyKugEeI3mN8GWijrqi5g me@somewhere.com (RSA)

但无论如何它是 id_rsa 键,当我在我的 fab 文件中时

env.use_ssh_config = True                                                    

env.ssh_config_path = '/home/mylocaluser/.ssh/config'

配置显示

Host evo_test
  HostName my.server.com
  User myremoteuser
  IdentityFile ~/.ssh/evo_test.rsa

如何强制它尝试正确的 ssh 密钥?

【问题讨论】:

    标签: ssh paramiko fabric


    【解决方案1】:

    原来ssh-add ~/.ssh/evo_test.rsa 解决了这个问题。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2018-07-26
      • 1970-01-01
      • 2020-04-10
      • 1970-01-01
      • 2021-06-06
      • 1970-01-01
      • 2014-01-04
      • 1970-01-01
      相关资源
      最近更新 更多