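I'm trying to run a single command by invoking ssh (with key authentication) from a user without a tty (the user my Apache server runs as), and I keep getting the following result: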
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: identity file nonpublic/id_rsa type 1
debug1: identity file nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
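The -t flag is set when calling ssh. The key has no passphrase, which should suppress the need for any input, but apparently it doesn't. How do I stop ssh from trying to open /dev/tty?
Edit 2: The full ssh command: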
ssh -i nonpublic/id_rsa -l username -p 54367 -t -v username@localhost /home/username/minecraftserver/Scripts/start 2>&1
Edit 3: I tried ssh-ing with the same key as root and got this result:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /srv/http/nonpublic/id_rsa type 1
debug1: identity file /srv/http/nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
The authenticity of host '[localhost]:54367 ([::1]:54367)' can't be established.
ECDSA key fingerprint is e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:54367' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /srv/http/nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/srv/http/nonpublic/id_rsa':
debug1: No more authentication methods to try.
Permission denied (publickey).
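It prompts me for a passphrase even though it doesn't need one. Also, I can ssh in with the key from a Windows machine using PuTTY just fine, and it doesn't prompt me for a passphrase.
Edit 4: I added the server to the apache user's known_hosts, and now I get this: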
OpenSSH_5.9p1,remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: Host '[localhost]:54367' is known and matches the ECDSA host key.
debug1: Found key in /srv/http/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey).
Also, here are the contents of known_hosts:
[localhost]:54367 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILr7jLp5CeYfyrCroaDjkaWgDHXRrQD+G8Fz/CQOY1PcluUFTkrN447bXmC6R27LOClE+RPaveYb4MOlObpGGE=
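Why does it say ecdsa? It's a key.
Edit 5: Solved. The problem was that the key pair was generated by PuTTY, and PuTTY writes the private key in a format that is incompatible with OpenSSH. The solution was provided by cjc in the comments.
Solution
The problem doesn't actually seem to be that it is trying to read a passphrase; that is just a warning. Rather, it is attempting host key verification and failing. If you really want it to never ask about host keys, consider adding the following options to the ssh command line: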
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null
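Note that there may be security implications, so be sure to read about these options in the ssh_config man page.
Edit: Given your updated error message, it looks like you have a corrupted identity file (or, as cjc pointed out, it may be in the wrong format). Try manually creating a new one with ssh-keygen and adding it to the server's authorized_keys.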
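An added example, not part of the original question or answer: a POSIX shell preflight for the two failures seen in the logs above (a private key OpenSSH cannot parse, and a host key missing from known_hosts), which builds options that never prompt while keeping host key checking on. The function names and sample files are constructed for illustration; BatchMode, StrictHostKeyChecking and UserKnownHostsFile are standard ssh_config options.

```shell
#!/bin/sh
# Added example: preflight for an ssh call made by a user with no tty.

key_format() {    # classify a private key file by its first line
    first=$(head -n 1 "$1" 2>/dev/null) || { echo unreadable; return; }
    case "$first" in
        PuTTY-User-Key-File-*)                   echo putty-ppk ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pem-encrypted ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Legacy PEM marks passphrase protection in a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
            then echo pem-encrypted; else echo pem; fi ;;
        *) echo unknown ;;
    esac
}

host_pinned() {   # args: host port known_hosts_file (plain, unhashed entries)
    grep -qF "[$1]:$2 " "$3" 2>/dev/null
}

batch_opts() {    # arg: known_hosts_file; never prompt, keep host key checking
    printf '%s' "-o BatchMode=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1"
}

preflight() {     # args: key host port known_hosts_file
    case "$(key_format "$1")" in
        pem|openssh) ;;   # BatchMode makes an encrypted key fail, not hang
        putty-ppk) echo "PuTTY key: convert with puttygen KEY.ppk -O private-openssh -o KEY"
                   return 1 ;;
        pem-encrypted) echo "key has a passphrase and there is no tty to enter it"
                   return 1 ;;
        *) echo "key file unreadable or not a private key"; return 1 ;;
    esac
    host_pinned "$2" "$3" "$4" || { echo "host key not pinned in $4"; return 1; }
    echo ok
}

# Demo on constructed input: header lines only, not real key material.
tmp=$(mktemp -d)
printf 'PuTTY-User-Key-File-2: ssh-rsa\n' > "$tmp/id_rsa"
printf '[localhost]:54367 ecdsa-sha2-nistp256 CONSTRUCTED\n' > "$tmp/known_hosts"
preflight "$tmp/id_rsa" localhost 54367 "$tmp/known_hosts" || true
echo "ssh $(batch_opts "$tmp/known_hosts") -i KEY -p 54367 username@localhost CMD"
rm -rf "$tmp"
```

The host_pinned check only matches the bracketed [host]:port form used for non-default ports, as in the known_hosts line shown in the question.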