jenkins - can't ssh to remote server (key - permission denied) but works from cli
I have Jenkins running on my local machine, trying to figure out a remote ssh problem I'm having on a server. I'm getting this permission denied error which indicates a problem with the key, yet from the same user account on the shell, I can definitely connect.
Started by user anonymous
Building in workspace /Users/jgoodwin/jenkins/workspace/app
[postprocessor] $ /bin/sh -xe /var/folders/b0/h_wtmzss6cx11p6153y9h2cr0000gn/T/hudson4163212101874527747.sh
+ echo /Users/jgoodwin
/Users/jgoodwin
+ whoami
jgoodwin
+ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Finished: FAILURE
This is run right on the shell:
Jasons-MacBook-Air:~ jgoodwin$ echo $HOME
/Users/jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ whoami
jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
success
I'm fairly stumped - I've done quite a bit of work with hudson in the past and I don't think I had any issues doing this type of work. The error indicates a problem with the keys but they are clearly fine.
Edit:
Verbose log as per request
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ed:d4:92:3f:33:bd:dd:b9:eb:d1:b2:19:4c:f1:70:e9
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Edit: successful attempt added 8/15
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 40:bf:b5:74:1c:5f:b6:93:00:4b:ca:1d:fc:0f:39:ec
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to hostname ([54.226.250.218]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
Last login: Thu Aug 15 13:09:32 2013 from 66.199.39.230
Multiple reasons could cause this behavior, like key caching with agent / keychain manager, etc.
I would suggest using the -v argument to compare the 2 outputs:
ssh -v -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server
This will let you compare what is going on in a more verbose way. If you still cannot solve it, please post your verbose outputs to compare.
Note: you can add up to 3 -v arguments for increased verbosity.
Updated:
@JasonG From what I see, the details of the failure are:
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: Device not configured
It looks like your key has a passphrase and the passphrase cannot be entered because we are not in an interactive shell. The command line from your standard shell may benefit from the Keychain, which would 'type the passphrase' for you.
If you could generate the same verbosity for your successful command so that we could compare...
The environment in which Jenkins runs shell scripts is slightly different from the command line.
There are some environment differences in your case which we didn't notice, like the initial script or path settings.
Besides the method provided by @coffeebreaks, try the below:
env
Check the system environment, e.g. with the command env.
In my situation, I was using a keychain (as @coffeebreaks suggested) which was being set up when I sourced in the jenkins user .bashrc file. Unfortunately, the jenkins backend doesn't seem to source this file like a standard shell login does.
The solution was to add the following code prior to the scp call in the Jenkins pipeline:
. ~/.bashrc
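The failure diagnosed in the first answer (the server accepts the key, then there is no terminal to prompt for the passphrase) and the missing keychain environment described in the .bashrc answer can both be checked from inside the job. The script below is an added example, not part of the original thread; the function and verdict names are made up for illustration, and the sample log lines are copied from the verbose logs above.

```shell
#!/bin/sh
# Added example: classify `ssh -v` output from a non-interactive job and
# check whether the job's environment can reach a key agent.

# Lines copied from the failing and successful verbose logs on this page.
FAILED_LOG="debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: No more authentication methods to try."
OK_LOG="debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey)."

# diagnose_ssh_log: read `ssh -v` output on stdin, print one verdict.
# The verdict names are hypothetical labels chosen for this example.
diagnose_ssh_log() {
    log=$(cat)
    case $log in
        *'Authentication succeeded (publickey)'*)
            echo ok ;;
        *'Server accepts key'*"read_passphrase: can't open /dev/tty"*)
            # Server accepted the public key; the client then could not
            # decrypt the private key and had no terminal to prompt on.
            echo passphrase_needed_no_tty ;;
        *'Server accepts key'*)
            echo accepted_but_not_signed ;;
        *'Offering '*'public key'*)
            echo key_rejected_by_server ;;
        *)
            echo no_key_offered ;;
    esac
}

# agent_has_keys: true only if an agent socket is visible in this
# environment and the agent holds at least one identity.
agent_has_keys() {
    [ -S "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$FAILED_LOG" | diagnose_ssh_log
    printf '%s\n' "$OK_LOG" | diagnose_ssh_log
    agent_has_keys || echo "no agent identities (SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset})"
fi
```

In the Jenkins shell step, pipe the output of ssh -v (with 2>&1) into diagnose_ssh_log, and call agent_has_keys before and after sourcing ~/.bashrc to see whether the keychain is visible to the job.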
Looks like the public key is missing under /Users/jgoodwin/.ssh/id_rsa.pub instead of id_rsa there... Can you please double check, give that file permission 600, and re-run your jenkins job?
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed