Question

我正在尝试为我的ROR网站为EC2实例（亚马逊图像）执行“上限ec2onrails：setup”，但无论我做什么，身份验证都会一直要求我输入密码。我已经尝试了几乎所有我在这个和/或其他论坛上阅读的内容：

将公钥从〜/ .ssh复制到ec2-user @_。sa-east-1.compute.amazonaws.com：/ home / ec2-user / .ssh / authorized_keys2（或authorized_keys）
使用Amazon Management Console生成私钥，然后将公钥从服务器复制到我的计算机
使用ssh-add -l </ li>添加任何这些键
使用ssh-keychain生成新密钥
使用我机器中已有的公钥/私钥（id_rsa＆amp; id_rsa.pub）
按照上述^^惯例命名密钥
chmod 400用于〜/ .ssh
将键移动到〜/ .ec2
设置环境变量，如陈述here

注意：

使用ssh和AWS .pem密钥连接到服务器细
如何在“ssh_options”中设置“keys”值无关紧要，卡皮斯特拉诺似乎总是忽略它。但是，它并没有忽略 ssh-add -l </ li>中列出的密钥

以下是我尝试设置关键路径的方法

set :ssh_options, {:keys => ["/Users/dalef/.ssh/pk"]}

这是我最新测试的输出代码，使用详细输出

Damians-MacBook-Pro:test dalef$ cap ec2onrails:setup
[Deprecation Warning] This API has changed, please hook `deploy:create_symlink` instead of `deploy:symlink`.
  * 2013-03-20 20:10:52 executing `ec2onrails:setup'
  * 2013-03-20 20:10:52 executing `ec2onrails:server:update_hostname'
  * executing "sudo -p 'sudo password: ' /usr/local/ec2onrails/bin/update_hostname"
    servers: ["___.sa-east-1.compute.amazonaws.com"]
D, [2013-03-20T20:10:52.471872 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: establishing connection to ___.sa-east-1.compute.amazonaws.com:22
D, [2013-03-20T20:10:52.539934 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: connection established
I, [2013-03-20T20:10:52.540236 #2647]  INFO -- net.ssh.transport.server_version[3fe825c45728]: negotiating protocol version
D, [2013-03-20T20:10:52.591866 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: remote is `SSH-2.0-OpenSSH_5.3'
D, [2013-03-20T20:10:52.591965 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: local is `SSH-2.0-Ruby/Net::SSH_2.6.6 x86_64-darwin12.2.0'
D, [2013-03-20T20:10:52.635419 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 784 bytes
D, [2013-03-20T20:10:52.635555 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 0 type 20 len 780
I, [2013-03-20T20:10:52.635654 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: got KEXINIT from server
I, [2013-03-20T20:10:52.635844 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: sending KEXINIT
D, [2013-03-20T20:10:52.636042 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 0 type 20 len 1620
D, [2013-03-20T20:10:52.636141 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 1624 bytes
I, [2013-03-20T20:10:52.636196 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: negotiating algorithms
D, [2013-03-20T20:10:52.636319 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2013-03-20T20:10:52.636373 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: exchanging keys
D, [2013-03-20T20:10:52.636563 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 1 type 34 len 20
D, [2013-03-20T20:10:52.636613 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.738438 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 152 bytes
D, [2013-03-20T20:10:52.738637 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 1 type 31 len 148
D, [2013-03-20T20:10:52.744324 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 2 type 32 len 140
D, [2013-03-20T20:10:52.744468 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 144 bytes
D, [2013-03-20T20:10:52.790733 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 720 bytes
D, [2013-03-20T20:10:52.790938 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 2 type 33 len 700
D, [2013-03-20T20:10:52.795329 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 3 type 21 len 20
D, [2013-03-20T20:10:52.795447 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.795542 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 3 type 21 len 12
D, [2013-03-20T20:10:52.795871 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: beginning authentication of `admin'
D, [2013-03-20T20:10:52.796008 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 4 type 5 len 28
D, [2013-03-20T20:10:52.796071 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 52 bytes
D, [2013-03-20T20:10:52.944233 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.944626 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 4 type 6 len 28
D, [2013-03-20T20:10:52.945125 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: trying publickey
D, [2013-03-20T20:10:52.945906 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: connecting to ssh-agent
D, [2013-03-20T20:10:52.946221 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 1 len 51
D, [2013-03-20T20:10:52.946460 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 2 len 5
D, [2013-03-20T20:10:52.946578 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 11 len 0
D, [2013-03-20T20:10:52.946859 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 12 len 294
D, [2013-03-20T20:10:52.947478 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c)
D, [2013-03-20T20:10:52.947821 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 5 type 50 len 348
D, [2013-03-20T20:10:52.947994 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:52.993286 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.993497 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 5 type 51 len 28
D, [2013-03-20T20:10:52.993717 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
D, [2013-03-20T20:10:52.993904 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2)
D, [2013-03-20T20:10:52.994095 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 6 type 50 len 348
D, [2013-03-20T20:10:52.994202 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:53.035308 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:53.035556 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 6 type 51 len 28
D, [2013-03-20T20:10:53.035693 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
E, [2013-03-20T20:10:53.035782 #2647] ERROR -- net.ssh.authentication.session[3fe826273f28]: all authorization methods failed (tried publickey)
Password:

这是我最新测试的密钥列表（只是我从服务器检索的密钥）

Damians-MacBook-Pro:test dalef$ ssh-add -l
2048 b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c pk (RSA)

有什么我想念的吗？我接近尝试基于密码的身份验证。

谢谢！

更新

仍在尝试其他选择。我还通过比较AWS key fingerprint＆amp; amp;来确保我使用了正确的密钥。 authorized_keys

From Amazon:
dalef 90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14

Damians-MacBook-Pro:.ssh dalef$ ec2-fingerprint-key dalef
90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14
Damians-MacBook-Pro:.ssh dalef$ ssh-add dalef
Identity added: dalef (dalef)
Damians-MacBook-Pro:.ssh dalef$ ssh-add -l
2048 40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2 id_rsa (RSA)
2048 e6:02:1a:a4:2a:f9:63:4a:b7:de:66:60:f2:fa:0c:b4 dalef (RSA)


[ec2-user@___ .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcfgMIAbEfNAiSgi4zXsObR1zGPHzVbff2suB/J2rLVgr5XNfLhf+kTRzTij0IWsutYj45j/eI87xC912WYtNG2An8262JwqRJZfwbnfDHMjwPQRwlDNjgGWRZwl8x9HO1V7EmBCaEEpeXg0ogbdhM386f/TTdWdUOofSqTEjuN2Nk73OHirPAj7MuWSGwGAwKCS4In2KbGAP/hk0c/PsCx52J+zjp2lteEaA9qWIovQggRw73dAqV++czMwCx2+7GMGxGx21fgSH4cYZ7Q6XxAxBkmsO7yoKZHUFj5QobSJ1TVh7N/61bFInt6Ua6btTXC7jwaATzkOBkv/rwLgtN **dalef**

仍然要求输入密码。

更新我的设置确实有些问题。我尝试过允许密码连接，但这也不起作用。我是否需要开始考虑使用Capistrano替代方案？

这是日志

[ec2-user@___ ~]$ sudo vi /etc/ssh/sshd_config 
PasswordAuthentication yes
[ec2-user@___ ~]$ sudo passwd ec2-user
Changing password for user ec2-user.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[ec2-user@___ ~]$ exit
...
E, [2013-03-21T00:31:02.582111 #3739] ERROR -- net.ssh.authentication.session[3fd0f6e21178]: all authorization methods failed (tried password)
connection failed for: admin@___.sa-east-1.compute.amazonaws.com (Net::SSH::AuthenticationFailed: admin)

从这些日志中我假设Capistrano正试图以管理员身份登录。如何将其更改为ec2-user？（我在deploy.rb中尝试过set：user，“ec2-user”）

Answer 1

经过大量阅读后，我找到了解决方案。这使我指出了正确的方向：https://serverfault.com/questions/55343/cant-get-ssh-public-key-authentication-to-work

主要问题是我不知道自己在做什么。所以无论如何，如果有人对我提出的解决方案感兴趣：

不知何故，Capistrano总是使用管理员用户，除了你设置的用户，所以我创建了一个。您可以继续并按照以下步骤操作：http://aws.amazon.com/articles/1233
我使用ssh-keygen -b创建了我自己的一组pub / private键-b 1024 -f ec2admin -t dsa
我使用scp将ec2admin.pub文件复制到服务器中的/home/admin/.ssh
我将发布内容附加到服务器中的/home/admin/.ssh/authorized_keys文件
然后它真的有助于读取sshd日志：/ var / log / secure（YMMV）
最后在/ home解决了三个错误的权限：

chmod 700 /home/.ssh

chmod 600 /home/.ssh / *

chmod 755 / home / admin

这就是诀窍。我现在可以没有密码登录。谢谢你的帮助！

cap使用admin而不是ec2-user

1 个答案: