cmd := exec.Command("ssh", "ec2-user@publicip") 退出时权限被拒绝 (publickey,gssapi-keyex,gssapi-with-mic)
[英]cmd := exec.Command("ssh", "ec2-user@publicip") exits with Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
问题描述
I'm using org/x/crypto/ssh package to build a cli application to ssh through bastion to a server using ssh certs.
我正在使用 org/x/crypto/ssh 包来构建一个 cli 应用程序,以使用 ssh 证书通过堡垒 ssh 到服务器。 Basic workflow is;基本工作流程是; cli tool gets the users public key and get it signed from vault ssh ca, and that resulting cert is used to authenticate the user to the servers. cli 工具获取用户公钥并从 vault ssh ca 对其进行签名,并且生成的证书用于向服务器验证用户身份。 It worked fine.它工作得很好。
configure := &ssh.ClientConfig{
User: "ec2-user",
Auth: []ssh.AuthMethod{
// Use the PublicKeys method for remote authentication.
ssh.PublicKeys(certSigner),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
//log.Println(config.bastionserver.publicIP)
// Connect to the remote server and perform the SSH handshake.
proxyClient, err := ssh.Dial("tcp", net.JoinHostPort(config.bastion.publicIP, "22"), configure)
if err != nil {
log.Fatalln(err)
}
session, err := proxyClient.NewSession()
if err != nil {
log.Fatalln(err)
}
defer session.Close()
if err = session.Shell(); err != nil {
log.Fatalln(err)
}
session.Wait()
I made some changes and reverted back to the code and I started getting the following error.我做了一些更改并恢复到代码,我开始收到以下错误。 I used git to revert.我用git来恢复。
ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
So I reduced the complexity and tried the following block to try to connect just to the bastion through the cli app I'm building.所以我降低了复杂性并尝试了以下块来尝试通过我正在构建的 cli 应用程序连接到堡垒。
cmd := exec.Command("ssh", "-i", signedKeyPath, "-i", privateKeyPath, "ec2-user@host")
fmt.Println(cmd.String())
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
err = cmd.Run()
if err != nil {
log.Fatalln(err)
}
still it exits with它仍然退出
/usr/bin/ssh -i /home/rochana/.ssh/id_rsa-cert.pub -i /home/rochana/.ssh/id_rsa ec2-user@host ec2-user@host: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I tried compiling and running it on a different PC and I get the same results.我尝试在不同的 PC 上编译和运行它,但得到了相同的结果。 I tried saving the cert to disk and giving the path.我尝试将证书保存到磁盘并给出路径。
but if I run the same command on terminal.但是如果我在终端上运行相同的命令。 It works fine and connects to the instance.它工作正常并连接到实例。
ssh -i ~/.ssh/id_rsa-cert.pub -i ~/.ssh/id_rsa ec2-user@host
or just copy and paste cmd.String() output或者只是复制并粘贴 cmd.String() 输出
/usr/bin/ssh -i /home/rochana/.ssh/id_rsa-cert.pub -i /home/rochana/.ssh/id_rsa ec2-user@host
everything works fine when I run directly on terminal but not with exec command当我直接在终端上运行但不使用 exec 命令时,一切正常
1 个解决方案
解决方案1
0 2020-02-20 13:37:24
错误是由于 Vault 服务器无法同步其时间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.