I'm using the org/x/crypto/ssh package to build a CLI application to SSH through a bastion to a server using SSH certs. The basic workflow is: the CLI tool gets the user's public key and gets it signed by the Vault SSH CA, and the resulting cert is used to authenticate the user to the servers. It worked fine.
    configure := &ssh.ClientConfig{
        User: "ec2-user",
        Auth: []ssh.AuthMethod{
            // Use the PublicKeys method for remote authentication.
            ssh.PublicKeys(certSigner),
        },
        HostKeyCallback: ssh.InsecureIgnoreHostKey(),
    }
    //log.Println(config.bastionserver.publicIP)
    // Connect to the remote server and perform the SSH handshake.
    proxyClient, err := ssh.Dial("tcp", net.JoinHostPort(config.bastion.publicIP, "22"), configure)
    if err != nil {
        log.Fatalln(err)
    }
    session, err := proxyClient.NewSession()
    if err != nil {
        log.Fatalln(err)
    }
    defer session.Close()
    if err = session.Shell(); err != nil {
        log.Fatalln(err)
    }
    session.Wait()
I made some changes and reverted back to this code, and I started getting the following error. I used git to revert:
ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
So I reduced the complexity and tried the following block, to connect just to the bastion through the CLI app I'm building:
    cmd := exec.Command("ssh", "-i", signedKeyPath, "-i", privateKeyPath, "ec2-user@host")
    fmt.Println(cmd.String())
    cmd.Stdin = os.Stdin
    cmd.Stdout = os.Stdout
    cmd.Stderr = os.Stderr
    err = cmd.Run()
    if err != nil {
        log.Fatalln(err)
    }
Still, it exits with:
/usr/bin/ssh -i /home/rochana/.ssh/id_rsa-cert.pub -i /home/rochana/.ssh/id_rsa ec2-user@host ec2-user@host: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). 2020-02-17 11:01:25.168548 I | exit status 255.
I tried compiling and running it on a different PC and I get the same results. I tried saving the cert to disk and giving the path.
But if I run the same command in the terminal, it works fine and connects to the instance:
ssh -i ~/.ssh/id_rsa-cert.pub -i ~/.ssh/id_rsa ec2-user@host
or just copy and paste the cmd.String() output:
/usr/bin/ssh -i /home/rochana/.ssh/id_rsa-cert.pub -i /home/rochana/.ssh/id_rsa ec2-user@host
Everything works fine when I run it directly in the terminal, but not with exec.Command.
The error was because the Vault server could not synchronize its time.
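The answer above pins the failure on the Vault server's clock. An SSH certificate is only accepted while ValidAfter <= now < ValidBefore on the target host's clock, so a CA signing with a clock that runs ahead issues certs that are "not yet valid" there, and sshd reports exactly the "Permission denied (publickey)" seen in the question. The Go program below is an added example, not code from the post, Vault or x/crypto: it models the window with that rule and assumes Vault's role default not_before_duration of 30s for the backdate.

```go
package main

import (
	"fmt"
	"time"
)

// Mirrors ssh.CertTimeInfinity in golang.org/x/crypto/ssh: never expires.
const CertTimeInfinity = 1<<64 - 1

type Verdict string

const (
	Valid       Verdict = "valid"
	NotYetValid Verdict = "not yet valid" // host clock behind ValidAfter: the classic CA-skew symptom
	Expired     Verdict = "expired"       // host clock at or past ValidBefore
)

// checkWindow applies the rule sshd and ssh.CertChecker enforce: accept only if
// ValidAfter <= now < ValidBefore (Unix seconds, as in ssh.Certificate).
func checkWindow(validAfter, validBefore uint64, now time.Time) Verdict {
	unix := uint64(now.Unix())
	if unix < validAfter {
		return NotYetValid
	}
	if validBefore != CertTimeInfinity && unix >= validBefore {
		return Expired
	}
	return Valid
}

// diagnose models a Vault SSH CA whose clock is caOffset ahead of true time (negative =
// behind): ValidAfter = CA clock minus the role's not_before_duration backdate (assumed
// default 30s), ValidBefore = CA clock plus TTL. Returns a synced host's verdict and the miss.
func diagnose(trueNow time.Time, caOffset, backdate, ttl time.Duration) (Verdict, time.Duration) {
	caNow := trueNow.Add(caOffset)
	after, before := uint64(caNow.Add(-backdate).Unix()), uint64(caNow.Add(ttl).Unix())
	switch v := checkWindow(after, before, trueNow); v {
	case NotYetValid:
		return v, time.Unix(int64(after), 0).Sub(trueNow)
	case Expired:
		return v, trueNow.Sub(time.Unix(int64(before), 0))
	default:
		return v, 0
	}
}

func main() {
	fmt.Println(diagnose(time.Now(), 2*time.Minute, 30*time.Second, 30*time.Minute))
}
```

A CA only two minutes ahead already leaves a 90-second gap in which every freshly signed cert is rejected, which is why the same command succeeded once the Vault host's clock was resynchronized.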