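Server-to-server SSH via private key - Permission denied (publickey)

Time: 2017-07-05 14:27:53

Tags: linux ssh public-key-encryption gitlab-ci gitlab-ci-runner

I know this question is from the list of probably the most popular questions, but I have been stuck on it since morning, so it is worth trying to get a positive response from the community. I have looked up various questions already asked and their solutions, but I guess they don't work.

I am following https://docs.gitlab.com/ee/ci/examples/deployment/composer-npm-deploy.html to write a deployment script from the GitLab runner to my server. So the runner (Ubuntu-based / Docker) needs to transfer files to my server, as the runner is dynamic (in this case, both are droplets)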

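  • I am using the private key of my server
  • I put the private key into the runner by running:

eval $(ssh-agent -s)

nano /root/.ssh/id_rsa_sid (pasted the content of my server's private key (.ssh/id_rsa))

ssh-add /root/.ssh/id_rsa_sid

Identity added: /root/.ssh/id_rsa_sid (/root/.ssh/id_rsa_sid)

Now, when I run ssh -v root@serverip, I get Permission denied (publickey). (I have also tried the -i keyfile path flag - same result)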

root@ubuntu-512mb-sgp1-01:~/.ssh# ssh -v -i id_rsa_sid root@serverip
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 128.xxx.xxx.xxx [128.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file id_rsa_sid type -1
debug1: key_load_public: No such file or directory
debug1: identity file id_rsa_sid-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 128.199.253.228:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/El3UFF60r6/qNAwvfyIzx6Cf6N2YuXed/UU5QWEP1Q
debug1: Host '128.199.253.228' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa_sid
debug1: Authentications that can continue: publickey
debug1: Trying private key: id_rsa_sid
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

As you can see, it tries the file as both a public and a private key, but fails.

I went to the server to get the logs:

  

cat /var/log/auth.log

Jul  5 13:13:16 docker-512mb-sgp1-01 sshd[2371]: Connection closed by 128.yyy.yyy.yy port 43292 [preauth]

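Please let me know what I am doing wrong, or if possible, point me to a resource.

1 Answer:

Answer 0: (score: 0)

For people like me (who come here looking for answers)

Did some troubleshooting and found that it was a silly mistake.

Added the server's public key to its authorized keys file. That did it :-)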

Thanks
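
The check behind the answer above, as an added example that is not part of the original post: it derives the public half of a private key with `ssh-keygen -y` and tests whether that key is listed in an `authorized_keys` file, including entries that start with options. The function names and the script name `check_key.sh` are hypothetical; the file paths are whatever you pass in.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the base64 key blob of every key line in file $1.
# authorized_keys lines may begin with options (command="...",no-pty), so the
# blob is the field right after the key-type field, not always field 2.
key_blob() {
    awk '
        $1 ~ /^#/ { next }    # skip commented-out keys
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    print $(i + 1); next
                }
        }' "$1"
}

# Return 0 if the key in public-key file $1 is listed in authorized_keys
# file $2, 1 if it is not listed, 2 if $1 holds no recognisable key.
is_authorized() {
    want=$(key_blob "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_blob "$2" | grep -qxF -- "$want"
}

# Derive the public key from private key file $1 (ssh-keygen -y) and
# check it against authorized_keys file $2.
private_key_is_authorized() {
    tmp=$(mktemp) || return 2
    ssh-keygen -y -f "$1" > "$tmp" 2>/dev/null || { rm -f "$tmp"; return 2; }
    rc=0
    is_authorized "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on the server: sh check_key.sh /root/.ssh/id_rsa /root/.ssh/authorized_keys
if [ "$#" -eq 2 ]; then
    if private_key_is_authorized "$1" "$2"; then
        echo "key is authorized"
    else
        echo "key is not listed in $2 (or could not be read)"
    fi
fi
```

A "not listed" result matches the client log above, where the key is offered and the server simply continues with `Authentications that can continue: publickey`.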