linux – 不能用ssh作为tty-less用户

前端之家收集整理的这篇文章主要介绍了linux – 不能用ssh作为tty-less用户前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我试图通过从没有tty的用户(我的apache服务器正在运行的用户)调用ssh(使用密钥身份验证)来运行单个命令,并继续获得以下结果:
OpenSSH_5.9p1,OpenSSL 1.0.0g 18 Jan 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: identity file nonpublic/id_rsa type 1
debug1: identity file nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0,remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification Failed.

调用ssh时设置-t标志.密钥没有密码,这应该可以抑制任何输入的需要,但显然它没有.如何阻止ssh尝试打开/ dev / tty?

编辑:代码标签不起作用?

Edit2:完整的ssh命令:

ssh -i nonpublic / id_rsa -l username -p 54367 -t -v username @ localhost / home / username / minecraftserver / Scripts / start 2>& 1

我用“用户名”替换了我的用户名.

编辑3:我尝试使用与root相同的密钥进行ssh-ing并获得此结果:

OpenSSH_5.9p1,OpenSSL 1.0.0g 18 Jan 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /srv/http/nonpublic/id_rsa type 1
debug1: identity file /srv/http/nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0,remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
The authenticity of host '[localhost]:54367 ([::1]:54367)' can't be established.
ECDSA key fingerprint is e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:54367' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /srv/http/nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey Failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/srv/http/nonpublic/id_rsa':
debug1: No more authentication methods to try.
Permission denied (publickey).

提示我输入密码,即使它不需要密码.此外,我可以使用密钥ssh在Windows机器上使用PuTTY就好了,它不会提示我输入密码.

Edit4:我将服务器添加到apache用户known_hosts,现在我得到了这个:

OpenSSH_5.9p1,remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: Host '[localhost]:54367' is known and matches the ECDSA host key.
debug1: Found key in /srv/http/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey Failed
debug1: read PEM private key done: type
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey).`

另外,这是known_hosts的内容

[localhost]:54367 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILr7jLp5CeYfyrCroaDjkaWgDHXRrQD+G8Fz/CQOY1PcluUFTkrN447bXmC6R27LOClE+RPaveYb4MOlObpGGE=

为什么说ecdsa?这是一个关键.

编辑5:解决了.问题是密钥对是由PuTTY生成的,PuTTY以与OpenSSH不兼容的格式写入私钥. cjc在评论中提供的解决方案.

解决方法

问题实际上似乎并不是它试图读取密码 – 这只是一个警告.相反,它正在尝试进行主机密钥验证但失败了.如果您真的希望它永远不会询问主机密钥,请考虑将以下选项添加到ssh命令行:
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null

请注意,可能存在安全隐患,因此请务必在ssh_config手册页中阅读有关这些选项的信息.

编辑:鉴于您更新的错误消息,看起来您有一个损坏的身份文件(或cjc指出,它可能是错误的格式).尝试使用ssh-keygen手动创建一个新的,并将其添加到服务器的authorized_keys.

猜你在找的Linux相关文章