SSH key-based authentication works intermittently

We have a development server running Jenkins, on which shell scripts connect to our live server over SSH (using key-based authentication).

This does not seem to be reliable.

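If I test the SSH connection myself by logging in to the dev server as the "jenkins" user and then connecting to the live server over SSH, authentication works and I am logged in without a password prompt.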

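If I run a Jenkins job manually, it works most of the time (although a failure this morning prompted me to write this ticket), but if I automate the job so that it runs nightly, it fails most of the time (I think it has run once).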

The point of failure each time is the SSH connection:

> ssh -T nepton@xxx
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey,password).

Any help would be greatly appreciated, as I am completely stuck and Linux is definitely not my area of expertise.

Additional information:

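  • I generated the public key on Dev (while logged in as the "jenkins" user) with the following command: ssh-keygen -t rsa
  • I copied the key to the live server with the following command: ssh-copy-id -i ~/.ssh/id_rsa.pub nepton@xxx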

The permissions on /var/lib/jenkins/.ssh/ on Dev are:

    drwx------  2 jenkins jenkins 4096 Apr 4 13:31 .
    drwxr-xr-x 13 jenkins jenkins 4096 Apr 4 13:38 ..
    -rw-------  1 jenkins jenkins 1679 Apr 4 13:31 id_rsa
    -rw-r--r--  1 jenkins jenkins  400 Apr 4 13:31 id_rsa.pub
    -rw-r--r--  1 jenkins jenkins 1338 Apr 4 13:33 known_hosts

The permissions on /home/nepton/.ssh/ on the Live server are:

    drwx------ 2 nepton nepton 4096 Mar 20 17:37 .
    drwx------ 4 nepton nepton 4096 Apr 2 10:52 ..
    -rw------- 1 nepton nepton 2005 Apr 8 10:23 authorized_keys
    -rw-r--r-- 1 nepton nepton 1106 Apr 1 10:39 known_hosts

  • I am running the latest LTS version of Ubuntu and the standard SSH packages on both servers.

Debugging information

    ssh -v -T -i /var/lib/jenkins/.ssh/id_rsa nepton@xxx
    OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to xxx [xx.xxx.xx.xxx] port 22.
    debug1: Connection established.
    debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
    debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA xxx
    debug1: Host 'xxx' is known and matches the ECDSA host key.
    debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:7
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /var/lib/jenkins/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: password
    debug1: read_passphrase: can't open /dev/tty: No such device or address
    debug1: Authentications that can continue: publickey,password
    Permission denied, please try again.
    debug1: read_passphrase: can't open /dev/tty: No such device or address
    debug1: Authentications that can continue: publickey,password
    Permission denied, please try again.
    debug1: read_passphrase: can't open /dev/tty: No such device or address
    debug1: Authentications that can continue: publickey,password
    debug1: No more authentication methods to try.
    Permission denied (publickey,password).
    Build step 'Execute shell' marked build as failure

As you said in the comments, it is not using the key you want. You can point to the correct key like this:

    ssh -T -i /path/to/real/id_rsa nepton@xxx
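
An added example, not part of the original question or answer: a small filter a Jenkins "Execute shell" step could run over `ssh -v` output to record which key was offered and whether the server accepted it. The function names (`classify_offers`, `probe_key`, `sample_rejected`, `sample_accepted`) are hypothetical, and the "accepted" sample is constructed rather than taken from the page.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not from the original post.

# Read `ssh -v` output on stdin; print "<key path> accepted|rejected"
# for every public key the client offered.
classify_offers() {
    awk '
        /^debug1: Offering .*public key: / {
            if (pending != "") print pending, "rejected"
            sub(/^debug1: Offering .*public key: /, "")
            pending = $1            # key path is the first word left
            next
        }
        /^debug1: Server accepts key/ {
            if (pending != "") { print pending, "accepted"; pending = "" }
            next
        }
        # The server listing methods again after an offer means it refused the key.
        /^debug1: Authentications that can continue/ {
            if (pending != "") { print pending, "rejected"; pending = "" }
        }
        END { if (pending != "") print pending, "rejected" }
    '
}

# Probe one key non-interactively: BatchMode stops the password fallback,
# IdentitiesOnly makes ssh offer only the key given with -i.
probe_key() {   # usage: probe_key /path/to/key user@host
    ssh -v -T -o BatchMode=yes -o IdentitiesOnly=yes -i "$1" "$2" true 2>&1 |
        classify_offers
}

# Lines taken from the failing build log above.
sample_rejected() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/jenkins/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

# Constructed sample of a successful offer (not from the page).
sample_accepted() {
    cat <<'EOF'
debug1: Offering RSA public key: /home/example/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
EOF
}

sample_rejected | classify_offers   # /var/lib/jenkins/.ssh/id_rsa rejected
```

With `BatchMode=yes` the job fails immediately on a rejected key instead of retrying password authentication against a missing `/dev/tty`, which keeps the build log to the lines that matter.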