【发布时间】:2018-01-25 08:15:18
【问题描述】:
Fabric 不断提示输入密码,而不是正确使用 ssh 密钥。如果我启用调试日志显示
[my.server.com] Executing task 'min_test_deploy'
[my.server.com] sudo: git pull origin master
DEBUG:paramiko.transport:starting thread (client mode): 0x1116510L
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.4.0
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.2p2)
DEBUG:paramiko.transport:kex algos:[u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group14-sha1'] server key:[u'ssh-rsa', u'rsa-sha2-512', u'rsa-sha2-256', u'ecdsa-sha2-nistp256', u'ssh-ed25519'] client encrypt:[u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com'] server encrypt:[u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com'] client mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: ecdh-sha2-nistp256
DEBUG:paramiko.transport:HostKey agreed: ecdsa-sha2-nistp256
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha2-256
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:kex engine KexNistp256 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying SSH agent key 884f51116337cf3a383d8bacaf28c3a7
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key 884f51116337cf3a383d8bacaf28c3a7 in /home/mylocaluser/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (password) failed.
[my.server.com] Login password for 'myremoteuser':
Stopped.
DEBUG:paramiko.transport:EOF in transport thread
它会立即尝试 ssh 密钥 Trying SSH agent key 884f51116337cf3a383d8bacaf28c3a7" from "/home/mylocaluser/.ssh/id_rsa
我不确定这个指纹/ID 实际对应的是什么?因为对于那个键
ssh-keygen -lf /home/mylocaluser/.ssh/id_rsa
2048 SHA256:R04myXp6cyNgH6NlZURRJnqyKugEeI3mN8GWijrqi5g me@somewhere.com (RSA)
但无论如何它是 id_rsa 键,当我在我的 fab 文件中时
env.use_ssh_config = True
env.ssh_config_path = '/home/mylocaluser/.ssh/config'
配置显示
Host evo_test
HostName my.server.com
User myremoteuser
IdentityFile ~/.ssh/evo_test.rsa
如何强制它尝试正确的 ssh 密钥?
【问题讨论】: