我试图通过调用ssh(使用密钥authentication)从没有tty(用户我的Apache服务器正在运行)的用户运行单个命令,并不断得到以下结果:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012 Pseudo-terminal will not be allocated because stdin is not a terminal. debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to localhost [::1] port 54367. debug1: Connection established. debug1: identity file nonpublic/id_rsa type 1 debug1: identity file nonpublic/id_rsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9 debug1: match: OpenSSH_5.9 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a debug1: checking without port identifier debug1: read_passphrase: can't open /dev/tty: No such device or address Host key verification failed. -t标志在调用ssh的时候被设置。 关键没有密码,这应该抑制任何input的需要,但显然不是。 我如何防止ssh试图打开/ dev / tty?
编辑:代码标签不工作?
编辑2:完整的ssh命令:
ssh -i nonpublic/id_rsa -l username -p 54367 -t -v username@localhost /home/username/minecraftserver/Scripts/start 2>&1
我用“用户名”replace了我的用户名。
编辑3:我试着使用与root相同的密钥ssh-ing,并得到这个结果:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to localhost [::1] port 54367. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /srv/http/nonpublic/id_rsa type 1 debug1: identity file /srv/http/nonpublic/id_rsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9 debug1: match: OpenSSH_5.9 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a debug1: checking without port identifier The authenticity of host '[localhost]:54367 ([::1]:54367)' can't be established. ECDSA key fingerprint is e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:54367' (ECDSA) to the list of known hosts. debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /srv/http/nonpublic/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/srv/http/nonpublic/id_rsa': debug1: No more authentication methods to try. Permission denied (publickey).
它会提示我input密码,即使它不需要。 此外,我可以使用密钥ssh在Windows机器上使用腻子就好了,它不会提示我的密码。
Edit4:我将服务器添加到apache用户known_hosts,现在我得到这个:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012 Pseudo-terminal will not be allocated because stdin is not a terminal. debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to localhost [::1] port 54367. debug1: Connection established. debug1: identity file nonpublic/id_rsa type 1 debug1: identity file nonpublic/id_rsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9 debug1: match: OpenSSH_5.9 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a debug1: Host '[localhost]:54367' is known and matches the ECDSA host key. debug1: Found key in /srv/http/.ssh/known_hosts:1 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: nonpublic/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: No more authentication methods to try. Permission denied (publickey).`
另外,这是known_hosts的内容:
[localhost]:54367 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILr7jLp5CeYfyrCroaDjkaWgDHXRrQD+G8Fz/CQOY1PcluUFTkrN447bXmC6R27LOClE+RPaveYb4MOlObpGGE=
为什么说ecdsa? 这是一个rsa键。
编辑5:解决。 问题在于密钥对是由PuTTY生成的,它以与OpenSSH不兼容的格式写入私钥。 cjc在评论中提供的解决scheme。
问题实际上并不是它试图读取密码 – 这只是一个警告。 相反,它试图进行主机密钥validation,但是失败。 如果你真的希望它永远不要问主机密钥,可以考虑在ssh命令行中添加以下选项:
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null
请注意,可能存在安全隐患,因此请确保在ssh_config手册页中阅读这些选项。
编辑:鉴于您更新的错误消息,它看起来像你有一个损坏的身份文件(或cjc指出,它可能是错误的格式)。 尝试用ssh-keygen手动创build一个新的,并将其添加到服务器的authorized_keys。
出于兴趣,在/etc/passwd设置了什么环境 – 缺less/bin/bash可能是您的问题。