Ansible server cannot connect to AWS cloud host

Time: 2015-08-06 07:11:51

Tags: linux amazon-ec2 ansible ssh-keys openssh

I have 2 machines in the cloud.

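  1. 172.31.2.102 = Ansible EC2 server
  2. 172.31.8.56 = EC2 host

I used to connect to both of these servers using a private key. Both servers can even connect to each other over SSH using the pem key. Please find the connection log: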

    ubuntu@ip-172-31-2-102:~$ ssh -i mkey.pem ec2-user@172.31.14.167
    Last login: Thu Aug  6 07:08:11 2015 from ip-172-31-2-102.us-west-2.compute.internal
    
           __|  __|_  )
           _|  (     /   Amazon Linux AMI
          ___|\___|___|
    
    https://aws.amazon.com/amazon-linux-ami/2015.03-release-notes/
    [ec2-user@ip-172-31-14-167 ~]$ ifconfig
    eth0      Link encap:Ethernet  HWaddr 0A:67:A8:97:F9:29
              inet addr:172.31.14.167  Bcast:172.31.15.255  Mask:255.255.240.0
    

Ansible uses an SSH connection to connect to hosts. But this time my Ansible machine (ubuntu user) cannot connect to the host (ec2-user).

Please find the debug log below:

    ubuntu@ip-172-31-2-102:~$ ssh -C -tt -vvvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o IdentityFile="/home/ubuntu/mm-aws-key1.ppk" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 172.31.8.56 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1438840732.36-23390706021408 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1438840732.36-23390706021408 && echo $HOME/.ansible/tmp/ansible-tmp-1438840732.36-23390706021408'
        OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
        debug1: Reading configuration data /etc/ssh/ssh_config
        debug1: /etc/ssh/ssh_config line 19: Applying options for *
        debug1: auto-mux: Trying existing master
        debug1: Control socket "/home/ubuntu/.ansible/cp/ansible-ssh-172.31.8.56-22-ec2-user" does not exist
        debug2: ssh_connect: needpriv 0
        debug1: Connecting to 172.31.8.56 [172.31.8.56] port 22.
        debug2: fd 3 setting O_NONBLOCK
        debug1: fd 3 clearing O_NONBLOCK
        debug1: Connection established.
        debug3: timeout: 10000 ms remain after connect
        debug3: Incorrect RSA1 identifier
        debug3: Could not load "/home/ubuntu/mm-aws-key1.ppk" as a RSA1 public key
        debug2: key_type_from_name: unknown key type 'PuTTY-User-Key-File-2:'
        debug3: key_read: missing keytype
        debug2: key_type_from_name: unknown key type 'Encryption:'
        debug3: key_read: missing keytype
        debug2: key_type_from_name: unknown key type 'Comment:'
        debug3: key_read: missing keytype
        debug2: key_type_from_name: unknown key type 'Public-Lines:'
        debug3: key_read: missing keytype
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug2: key_type_from_name: unknown key type 'Private-Lines:'
        debug3: key_read: missing keytype
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug2: key_type_from_name: unknown key type 'Private-MAC:'
        debug3: key_read: missing keytype
        debug1: identity file /home/ubuntu/mm-aws-key1.ppk type -1
        debug1: identity file /home/ubuntu/mm-aws-key1.ppk-cert type -1
        debug1: Enabling compatibility mode for protocol 2.0
        debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
        debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
        debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
        debug2: fd 3 setting O_NONBLOCK
        debug3: load_hostkeys: loading entries for host "172.31.8.56" from file "/home/ubuntu/.ssh/known_hosts"
        debug3: load_hostkeys: found key type ECDSA in file /home/ubuntu/.ssh/known_hosts:3
        debug3: load_hostkeys: loaded 1 keys
        debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
        debug1: SSH2_MSG_KEXINIT sent
        debug1: SSH2_MSG_KEXINIT received
        debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
        debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
        debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
        debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
        debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
        debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
        debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
        debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit: first_kex_follows 0
        debug2: kex_parse_kexinit: reserved 0
        debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
        debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
        debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
        debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
        debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
        debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
        debug2: kex_parse_kexinit: none,zlib@openssh.com
        debug2: kex_parse_kexinit: none,zlib@openssh.com
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit: first_kex_follows 0
        debug2: kex_parse_kexinit: reserved 0
        debug2: mac_setup: setup hmac-md5-etm@openssh.com
        debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com
        debug2: mac_setup: setup hmac-md5-etm@openssh.com
        debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com
        debug1: sending SSH2_MSG_KEX_ECDH_INIT
        debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
        debug1: Server host key: ECDSA 75:ab:04:fd:c8:3f:3e:19:44:fb:7f:4e:76:c7:23:fc
        debug3: load_hostkeys: loading entries for host "172.31.8.56" from file "/home/ubuntu/.ssh/known_hosts"
        debug3: load_hostkeys: found key type ECDSA in file /home/ubuntu/.ssh/known_hosts:3
        debug3: load_hostkeys: loaded 1 keys
        debug1: Host '172.31.8.56' is known and matches the ECDSA host key.
        debug1: Found key in /home/ubuntu/.ssh/known_hosts:3
        debug1: ssh_ecdsa_verify: signature correct
        debug2: kex_derive_keys
        debug2: set_newkeys: mode 1
        debug1: SSH2_MSG_NEWKEYS sent
        debug1: expecting SSH2_MSG_NEWKEYS
        debug2: set_newkeys: mode 0
        debug1: SSH2_MSG_NEWKEYS received
        debug1: Roaming not allowed by server
        debug1: SSH2_MSG_SERVICE_REQUEST sent
        debug2: service_accept: ssh-userauth
        debug1: SSH2_MSG_SERVICE_ACCEPT received
        debug2: key: /home/ubuntu/mm-aws-key1.ppk ((nil)), explicit
        debug1: Authentications that can continue: publickey
        debug3: start over, passed a different list publickey
        debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
        debug3: authmethod_lookup publickey
        debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
        debug3: authmethod_is_enabled publickey
        debug1: Next authentication method: publickey
        debug1: Trying private key: /home/ubuntu/mm-aws-key1.ppk
        debug1: key_parse_private2: missing begin marker
        debug1: key_parse_private_pem: PEM_read_PrivateKey failed
        debug1: read PEM private key done: type <unknown>
        Enter passphrase for key '/home/ubuntu/mm-aws-key1.ppk':
        debug1: key_parse_private2: missing begin marker
        debug1: key_parse_private_pem: PEM_read_PrivateKey failed
        debug1: read PEM private key done: type <unknown>
        debug2: bad passphrase given, try again...
        Enter passphrase for key '/home/ubuntu/mm-aws-key1.ppk':
        debug1: key_parse_private2: missing begin marker
        debug1: key_parse_private_pem: PEM_read_PrivateKey failed
        debug1: read PEM private key done: type <unknown>
        debug2: bad passphrase given, try again...
        Enter passphrase for key '/home/ubuntu/mm-aws-key1.ppk':
        debug1: key_parse_private2: missing begin marker
        debug1: key_parse_private_pem: PEM_read_PrivateKey failed
        debug1: read PEM private key done: type <unknown>
        debug2: bad passphrase given, try again...
        debug2: we did not send a packet, disable method
        debug1: No more authentication methods to try.
        Permission denied (publickey).
    
    ############################################
    

Thank you for helping to solve this issue.

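1 answer:

Answer 0: (score: 0)

It was resolved by correcting the user creation. The user on machine B did not have permission to respond to machine A.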
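
The debug log in the question shows OpenSSH failing to parse the identity file (it begins with a `PuTTY-User-Key-File-2:` header) and never sending a key to the server. The following added example, which is not part of the original post or answer, separates that client-side failure from a server-side rejection of an offered key; the function and pattern names are hypothetical and the sample lines are copied from the log above.

```python
import re

# Constructed sample: lines copied from the debug log in the question above.
SAMPLE_LOG = """\
debug2: key_type_from_name: unknown key type 'PuTTY-User-Key-File-2:'
debug1: identity file /home/ubuntu/mm-aws-key1.ppk type -1
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/ubuntu/mm-aws-key1.ppk
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug2: we did not send a packet, disable method
Permission denied (publickey).
"""

# Hypothetical names; the patterns match OpenSSH client debug messages.
PATTERNS = {
    "putty_header": re.compile(r"unknown key type 'PuTTY-User-Key-File-\d+:'"),
    "parse_failed": re.compile(r"missing begin marker|PEM_read_PrivateKey failed"),
    "key_sent": re.compile(r"Offering .*public key|we sent a publickey packet"),
    "denied": re.compile(r"^Permission denied \((.+)\)\.$"),
}
TRIED = re.compile(r"debug1: Trying private key: (\S+)")


def triage(log):
    """Summarise where publickey authentication failed in `ssh -v` output."""
    seen = {name: False for name in PATTERNS}
    tried = []
    for line in (raw.strip() for raw in log.splitlines()):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                seen[name] = True
        m = TRIED.match(line)
        if m and m.group(1) not in tried:
            tried.append(m.group(1))
    if seen["parse_failed"] and not seen["key_sent"]:
        side = "client"   # the key could not be loaded and never left this machine
    elif seen["key_sent"] and seen["denied"]:
        side = "server"   # a key was presented and the server refused it
    else:
        side = "inconclusive"
    return {"side": side, "putty_format": seen["putty_header"],
            "identities_tried": tried, "denied": seen["denied"]}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `client` result with `putty_format` set means the key file must be in OpenSSH format before Ansible can use it (for example, converted with `puttygen <key>.ppk -O private-openssh -o <key>.pem`). A `server` result points at the remote account or its `authorized_keys` instead.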