看来我的openssh客户端(OpenSSH_4.6p1,OpenSSL 0.9.8e 2007年2月23日)无法打开known\_hosts或id\_rsa文件,即使我可以通过查看他们的内容与“types”命令。 这是作为服务运行的Hudson实例的'SYSTEM'用户运行的。 值得注意的是,如果我设置%HOME%环境variables使用另一个文件夹,如c:\git ,一切正常。 这指的是权限问题,但“types”命令似乎反驳了这一点。 发生了什么事情,如何进一步诊断?
C:\hudson\jobs\blah\workspace>type C:\Windows\System32\config\systemprofile\.ssh\known_hosts git,10.3.11.91 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA00Er2Sidyjm+wf0X4Ck/Yld85HedJTJAwlQg9KoWL1rJYyA90Zcdm6qhjsZs+9yXvpoRALeUBBYa07aRpU9PwYQodhuAoE31c3WytKXPQ7XnwL+hCnsZckdmLFgX0Vptto/PZ0uZY5KhmvHN+shRovHbg9yfe979wAG7V5HaSRs= C:\hudson\jobs\blah\workspace>type C:\Windows\System32\config\systemprofile\.ssh\id_rsa -----BEGIN RSA PRIVATE KEY----- -----private key content was here----- -----END RSA PRIVATE KEY----- C:\hudson\jobs\blah\workspace>"c:\program files (x86)\git\bin\ssh" -T -vvv git@git ls OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug2: ssh_connect: needpriv 0 debug1: Connecting to git [10.3.11.91] port 22. debug1: Connection established. debug1: identity file /c/Windows/System32/config/systemprofile/.ssh/identity type -1 debug1: identity file /c/Windows/System32/config/systemprofile/.ssh/id_rsa type -1 debug1: identity file /c/Windows/System32/config/systemprofile/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2 debug1: match: OpenSSH_4.2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: none,[email protected],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: none,[email protected] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 130/256 debug2: bits set: 489/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /c/Windows/System32/config/systemprofile/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /c/Windows/System32/config/systemprofile/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'qvtgit' is known and matches the RSA host key. debug1: Found key in /c/Windows/System32/config/systemprofile/.ssh/known_hosts:1 debug2: bits set: 511/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /c/Windows/System32/config/systemprofile/.ssh/identity (0x0) debug2: key: /c/Windows/System32/config/systemprofile/.ssh/id_rsa (0x0) debug2: key: /c/Windows/System32/config/systemprofile/.ssh/id_dsa (0x0) debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /c/Windows/System32/config/systemprofile/.ssh/identity debug3: no such identity: /c/Windows/System32/config/systemprofile/.ssh/identity debug1: Trying private key: /c/Windows/System32/config/systemprofile/.ssh/id_rsa debug3: no such identity: /c/Windows/System32/config/systemprofile/.ssh/id_rsa debug1: Trying private key: /c/Windows/System32/config/systemprofile/.ssh/id_dsa debug3: no such identity: /c/Windows/System32/config/systemprofile/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1
OpenSSH拒绝使用私人密钥,这些私人密钥是其所有者以外的任何人都可以读取的 – 检查对该文件具有权限的唯一帐户是SYSTEM帐户。
(进一步检查表明这不是你的情况的问题。)
检查OpenSSH源代码显示,只有在stat(2)函数调用失败的条件下才会打印此错误消息:请参见sshconnect2.c的第1224行 。 从Cygwin环境中看到'whoami && stat /c/Windows/System32/config/systemprofile/.ssh/id_dsa'的输出会很有趣。
或者,尝试像进程监视器这样的工具来查看API级别发生了什么 – 也许访问身份文件时返回的错误消息会给你一个线索。
它也可以是Vista中的虚拟存储机制,它在用户通常不能访问的目录上创build覆盖,用户可以在其中写入。
如果这些文件是由非pipe理员帐户复制的,那么他们可能已经结束了
%USERPROFILE%\AppData\Local\VirtualStore
也就是说,您将用户的密钥复制到指定的path中,Vista会在包含这些文件的用户VirtualStore中创build一个叠加层。 但是,当作为另一个用户调用时,该用户将看不到用户VirtualStore中包含的更改。