I have a working SSH setup using publickey without any problems. Specifically, I am using SCP -i to copy files to a remote server, and it works:
scp -i /var/www/key/id_rsa /var/www/backups/example.dat living@example.com:/var/www/backups
This works from the command line when logged in as root or live.
Here is the WORKING debug sample from a /usr/sbin/sshd -d test:
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from X.X.X.X port 33166 on Y.Y.Y.Y port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "living"
debug1: PAM: setting PAM_RHOST to "FQDN_redacted"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
Postponed publickey for living from X.X.X.X port 33166 ssh2 [preauth]
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for living from X.X.X.X port 33166 ssh2: RSA 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: monitor_child_preauth: living has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
User child is on pid 2320
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1001/1001
debug1: Entering interactive session for SSH2.
My problem is: when I run the same SCP command from within a PERL script, as a backtick bash command, it fails with the following debug output.
$x=`scp -i /var/www/keys/living/id_rsa /var/www/$RS->[$x][3].dat living\@$a:/var/www/`;
If I could figure out why the SCP command run from within PERL only tries once, I think the problem might be solved.
Here is the FAILING debug sample from a /usr/sbin/sshd -d test:
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from X.X.X.X port 33208 on Y.Y.Y.Y port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "living"
debug1: PAM: setting PAM_RHOST to "FQDN_redacted"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
Postponed publickey for living from X.X.X.X port 33208 ssh2 [preauth]
Connection closed by X.X.X.X [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 2409
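Answer 0 (score: 0)
The solution to this was that the permissions of the "id_rsa" private key file were set to 0660 and had to be changed to 0600.
A noob mistake, obscured because the SCP command was being run in PERL as a forked child using the following command: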
_
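This caused the child process's debug output not to show up in the Apache error_log, and no debugging on either the source or the destination server exposed the problem.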
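The two points in the answer above (the 0660 key mode and the lost client-side diagnostics) as an added example that is not part of the original post: a shell wrapper that rejects a group- or world-accessible private key before scp starts and appends the client's stderr to a log. The function names and the log path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for a private
# key used by an unattended scp job, e.g. one started from a web server script.

# key_mode FILE: print the octal permission bits (GNU stat, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# key_perms_ok FILE: return 0 only if no group/other permission bits are set.
# The ssh client applies this test to keys owned by the invoking user; this
# helper is stricter and ignores ownership.
key_perms_ok() {
    [ -f "$1" ] || { echo "key $1 not found" >&2; return 2; }
    mode=$(key_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "key $1 has mode $mode; run: chmod 600 $1" >&2
           return 1 ;;
    esac
}

# run_captured LOG CMD...: run CMD with stdout and stderr appended to LOG,
# so the client's diagnostics are not lost; returns CMD's exit status.
run_captured() {
    log=$1; shift
    "$@" >>"$log" 2>&1
}

# guarded_copy KEY SRC DEST LOG: refuse to start scp with an over-permissive
# key, and keep scp's own diagnostics in LOG otherwise.
guarded_copy() {
    key=$1 src=$2 dest=$3 log=$4
    key_perms_ok "$key" 2>>"$log" || return 1
    # BatchMode=yes makes ssh fail instead of prompting when no terminal exists.
    run_captured "$log" scp -o BatchMode=yes -i "$key" "$src" "$dest"
}

# Usage with the paths from the question (the log path is an assumption):
# guarded_copy /var/www/keys/living/id_rsa /var/www/backups/example.dat \
#     living@example.com:/var/www/backups /tmp/scp-backup.log
```

When the script is called from Perl backticks, only stdout is returned to the caller, so the log file is where a permissions warning from the client will appear.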