[Posted]: 2017-10-02 22:11:59
[Question]:
I have a working SSH setup that uses publickey without any problems. Specifically, I am using SCP -i to copy files to a remote server, and it works:
scp -i /var/www/key/id_rsa /var/www/backups/example.dat living@example.com:/var/www/backups
This works fine from the command line when logged in as either root or living.
Here is an example of the WORKING debug output from a /usr/sbin/sshd -d test:
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from X.X.X.X port 33166 on Y.Y.Y.Y port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "living"
debug1: PAM: setting PAM_RHOST to "FQDN_redacted"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
Postponed publickey for living from X.X.X.X port 33166 ssh2 [preauth]
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for living from X.X.X.X port 33166 ssh2: RSA 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: monitor_child_preauth: living has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
User child is on pid 2320
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1001/1001
debug1: Entering interactive session for SSH2.
My problem is: when I run the same SCP command from within a PERL script, as a backtick bash command, it fails with the debug output below.
$x=`scp -i /var/www/keys/living/id_rsa /var/www/$RS->[$x][3].dat living\@$a:/var/www/`;
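I figure that if I can work out why the SCP command run from PERL only tries once, the problem might be solved.
Here is an example of the FAILING debug output from a /usr/sbin/sshd -d test: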
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from X.X.X.X port 33208 on Y.Y.Y.Y port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "living"
debug1: PAM: setting PAM_RHOST to "FQDN_redacted"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
Postponed publickey for living from X.X.X.X port 33208 ssh2 [preauth]
Connection closed by X.X.X.X [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 2409
[Comments]:
-
What does your script look like? My money is on an interpolation/escaping/quoting issue.
-
$x=`scp -i /var/www/keys/living/id_rsa /var/www/$RS->[$x][3].dat living\@$a:/var/www/`;
-
Please edit that into your post.
-
Added to the post, above the second debug output.
-
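It may be relevant to add that this backtick SCP command was working fine in the script. The only thing that has fundamentally changed is that it now runs as part of a child process forked from a parent that has $|=1; and $SIG{CHLD} = "IGNORE"; set (because I need the parent to exit so the user's browser updates).
Tags: bash perl ssh public-key sshd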
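
An added example, not part of the original post or its comments: a small Python check that reads an sshd -d trace and reports how far publickey authentication got, run here over the auth-relevant lines copied from the two traces in the question. The function name `publickey_stage` and the verdict strings are invented for this illustration.

```python
import re

# Constructed sample input: auth-relevant lines taken from the WORKING and
# FAILING sshd -d traces quoted in the question (addresses redacted as there).
WORKING = """\
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
Postponed publickey for living from X.X.X.X port 33166 ssh2 [preauth]
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: ssh_rsa_verify: signature correct
Accepted publickey for living from X.X.X.X port 33166 ssh2: RSA 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
"""
FAILING = """\
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
Postponed publickey for living from X.X.X.X port 33208 ssh2 [preauth]
Connection closed by X.X.X.X [preauth]
"""

def publickey_stage(log: str) -> dict:
    """Summarise how far publickey authentication got in one sshd -d trace."""
    # Each publickey userauth-request is either the unsigned key query or the
    # signed request that proves possession of the private key.
    requests = len(re.findall(r"userauth-request for user \S+ .* method publickey", log))
    postponed = bool(re.search(r"^Postponed publickey for ", log, re.M))
    signed = bool(re.search(r"_verify: signature correct", log))
    accepted = bool(re.search(r"^Accepted publickey for ", log, re.M))
    dropped = bool(re.search(r"^Connection closed by \S+ \[preauth\]", log, re.M))
    if accepted:
        verdict = "authenticated"
    elif postponed and dropped and not signed:
        # Server found the key in authorized_keys and asked for a signature,
        # but the client disconnected instead of sending one.
        verdict = "client-closed-before-signature"
    elif requests == 0:
        verdict = "no-publickey-attempt"
    else:
        verdict = "rejected-or-incomplete"
    return {"publickey_requests": requests, "postponed": postponed,
            "signature_verified": signed, "verdict": verdict}

if __name__ == "__main__":
    for name, trace in (("WORKING", WORKING), ("FAILING", FAILING)):
        print(name, publickey_stage(trace))
```

A `client-closed-before-signature` verdict means sshd matched the key in authorized_keys and the client dropped the connection before proving possession of it, so the next trace to collect is the client's own (`scp -v`) from inside the forked child.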