我让Jenkins在我的本地计算机上运行,试图找出我在服务器上遇到的远程ssh问题。我收到此权限被拒绝错误,表明密钥有问题,但是从shell上的同一个用户帐户,我绝对可以连接。
Started by user anonymous
Building in workspace /Users/jgoodwin/jenkins/workspace/app
[postprocessor] $ /bin/sh -xe /var/folders/b0/h_wtmzss6cx11p6153y9h2cr0000gn/T/hudson4163212101874527747.sh
+ echo /Users/jgoodwin
/Users/jgoodwin
+ whoami
jgoodwin
+ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Finished: FAILURE
这是在shell上运行的:
Jasons-MacBook-Air:~ jgoodwin$ echo $HOME
/Users/jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ whoami
jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
success
我很难过 - 我过去和哈德森做过很多工作,我觉得我在做这类工作时没有任何问题。错误表明密钥有问题,但它们显然很好。
编辑:
根据请求详细记录日志
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ed:d4:92:3f:33:bd:dd:b9:eb:d1:b2:19:4c:f1:70:e9
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
编辑:成功尝试添加8/15
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 40:bf:b5:74:1c:5f:b6:93:00:4b:ca:1d:fc:0f:39:ec
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to hostname ([54.226.250.218]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
Last login: Thu Aug 15 13:09:32 2013 from 66.199.39.230
答案 0 :(得分:8)
多种原因可能会导致此行为,例如使用代理/密钥链管理器进行密钥缓存等。
我建议使用-v参数来比较2个输出:
ssh -v -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server
这将让您以更详细的方式比较发生的事情。如果您仍然无法解决问题,请发布您的详细输出进行比较。
注意:您可以添加最多3 -v参数以增加详细程度。
<强>更新:
@JasonG从我看到的失败细节是:
debug1:提供RSA公钥:/Users/jgoodwin/.ssh/id_rsa debug1:服务器接受密钥:pkalg ssh-rsa blen 279 debug1:key_parse_private_pem:PEM_read_PrivateKey失败 debug1:读取PEM私钥完成:类型 debug1:read_passphrase:无法打开/ dev / tty:设备未配置
看起来您的密钥有密码并且无法输入密码,因为我们不在交互式shell中。来自标准shell的命令行可能会受益于Keycahin,它会为您“键入密码”。
如果您可以为成功的命令生成相同的详细程度,以便我们可以比较......
答案 1 :(得分:1)
Jenkins运行shell脚本与环境中的cmd行略有不同
您的情况存在一些环境差异,我们没有注意到。像初始脚本,路径设置。
除了@coffeebreaks提供的方法外,请尝试以下
env 答案 2 :(得分:0)
答案 3 :(得分:0)
在我的情况下,我使用的是我来自jenkins用户.bashrc文件中的钥匙串(如@coffeebreaks建议)。不幸的是,jenkins后端似乎不像标准的shell登录那样提供此文件的源。
解决方案是在Jenkins管道中的scp调用之前添加以下代码:
pawn答案 4 :(得分:0)
好像在/Users/jgoodwin/.ssh/id_rsa.pub下缺少公共密钥,而在那儿是id_rsa...。您能否仔细检查并提供对该文件的600权限并重新运行jenkins作业
debug1:提供RSA公钥:/Users/jgoodwin/.ssh/id_rsa debug1:服务器接受密钥:pkalg ssh-rsa blen 279 debug1:key_parse_private_pem:PEM_read_PrivateKey失败