面料、fabfile、fab：paramiko.ssh_exception.SSHException：不存在 session

Question

cf_key 是我的私鑰 ssh。 請查看我的回溯和代碼，看看我做錯了什么。 我已經編輯了實際的服務器名稱並將其替換為“”。 看起來像“密鑰不能用於簽名”。 我的鑰匙出了什么問題？

我執行了以下命令： fab doit 'cf_key' refresh 'dev'並收到此錯誤：

maintenance on
Exception: key cannot be used for signing
Traceback (most recent call last):
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/transport.py", line 2109, in run
    handler(self.auth_handler, m)
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/auth_handler.py", line 298, in _parse_service_accept
    sig = self.private_key.sign_ssh_data(blob)
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/agent.py", line 418, in sign_ssh_data
    raise SSHException("key cannot be used for signing")
paramiko.ssh_exception.SSHException: key cannot be used for signing

Traceback (most recent call last):
  File "/home/michael/projects/campaignfinances/venv/bin/fab", line 8, in <module>
    sys.exit(program.run())
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/invoke/program.py", line 384, in run
    self.execute()
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/invoke/program.py", line 566, in execute
    executor.execute(*self.tasks)
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/invoke/executor.py", line 129, in execute
    result = call.task(*args, **call.kwargs)
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/invoke/tasks.py", line 127, in __call__
    result = self.body(*args, **kwargs)
  File "/home/michael/projects/campaignfinances/fabfile.py", line 51, in refresh
    conn.run('sudo ln -sf /home/django/sites/{0}.campaignfinances.org/src/project/templates/maintenance.html {0}-maintenance.html'.format(server))
  File "<decorator-gen-3>", line 2, in run
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/fabric/connection.py", line 29, in opens
    self.open()
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/fabric/connection.py", line 634, in open
    self.client.connect(**kwargs)
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/client.py", line 446, in connect
    passphrase,
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/client.py", line 740, in _auth
    self._transport.auth_publickey(username, key)
  File "/home/michael/projects/campaignfinances/venv/lib/python3.6/site-packages/paramiko/transport.py", line 1570, in auth_publickey
    raise SSHException("No existing session")
paramiko.ssh_exception.SSHException: No existing session

fab文件.py

###################################################################
#
# Usage:
# fab doit(path_to_ssh_key) refresh('dev|staging')
# fab doit(path_to_ssh_key) maintenanceon('dev|staging')
# fab doit(path_to_ssh_key) maintenanceoff('dev|staging')
#
# fab doit(path_to_ssh_key) productionrefresh
#
# Example: fab doit('c:\users\tom\.ssh\id_rsa.pem') maintenanceon('dev')
#
# If you use a passphrase then add --prompt-for-passphrase
####################################################################
from fabric import task, Connection


@task
def doit(ctx, keypath):
    ctx.user = 'django'
    ctx.host = '<servername>'
    ctx.connect_kwargs.key_filename = ''.format(keypath)


@task
def maintenanceon(ctx, server):
    conn = Connection(ctx.host, ctx.user, connect_kwargs=ctx.connect_kwargs)
    # create ln to maintenance file
    print('maintenance on')
    with conn.cd('/usr/share/nginx/html/'):
        conn.run('sudo ln -sf /home/django/sites/{0}.<servername>/src/project/templates/maintenance.html {0}-maintenance.html'.format(server))


@task
def maintenanceoff(ctx, server):
    conn = Connection(ctx.host, ctx.user, connect_kwargs=ctx.connect_kwargs)
    # create ln to maintenance file
    print('maintenance off')
    with conn.cd('/usr/share/nginx/html/'):
        conn.run('sudo unlink {}-maintenance.html'.format(server))


@task
def refresh(ctx, server):
    env_command = '. /home/django/sites/{0}.<servername>.com/{0}/bin/activate'.format(server)

    conn = Connection(ctx.host, ctx.user, connect_kwargs=ctx.connect_kwargs)

    # set to maintenance mode
    with conn.cd('/usr/share/nginx/html/'):
        print('maintenance on')
        conn.run('sudo ln -sf /home/django/sites/{0}.<servername>.com/src/project/templates/maintenance.html {0}-maintenance.html'.format(server))
    # refresh install
    with conn.cd('/home/django/sites/{}.<servername>.com/src/'.format(server)):
        print('git pull')
        conn.run('git pull')
    # check requirements
    with conn.cd('/home/django/sites/{}.<servername>.com/src/requirements/'.format(server)):
        print('pip-sync')
        conn.run(env_command + '&&' + 'pip-sync {}.txt'.format(server))
    # run migrations and collectstatic
    with conn.cd('/home/django/sites/{}.<servername>.com/src/project/'.format(server)):
        print('migrate')
        conn.run(env_command + '&&' + 'python manage.py migrate')
        print('collecstatic')
        conn.run(env_command + '&&' + 'python manage.py collectstatic --no-input')
    # restart server
    print('restart server')
    conn.sudo('systemctl restart {}.service'.format(server), pty=True)

    # maintenance mode off
    with conn.cd('/usr/share/nginx/html/'):
        print('maintenance off)')
        conn.run('sudo unlink {}-maintenance.html'.format(server))


@task
def productionrefresh(ctx):
    env_command = '. /home/django/sites/www.<servername>.com/www/bin/activate'

    conn = Connection(ctx.host, ctx.user, connect_kwargs=ctx.connect_kwargs)

    # set to maintenance mode
    with conn.cd('/usr/share/nginx/html/'):
        print('Set to maintenance mode')
        conn.run('sudo ln -sf /home/django/sites/www.<servername>.com/src/project/templates/maintenance.html prod-maintenance.html')
    # refresh install
    with conn.cd('/home/django/sites/www.<servername>.com/src/'):
        print('Git pull')
        conn.run('git pull')
    # check requirements
    with conn.cd('/home/django/sites/www.<servername>.com/src/requirements/'):
        print('pip-sync production.txt')
        conn.run(env_command + '&&' + 'pip-sync production.txt')
    # run migrations and collectstatic
    with conn.cd('/home/django/sites/www.<servername>.com/src/project/'):
        print('python manage.py migrate')
        conn.run(env_command + '&&' + 'python manage.py migrate')
        print('python manage.py collectstatic')
        conn.run(env_command + '&&' + 'python manage.py collectstatic --no-input')
    # restart server
    print('restart production service')
    conn.sudo('systemctl restart production.service', pty=True)
    # maintenance mode off
    with conn.cd('/usr/share/nginx/html/'):
        print('maintenance off')
        conn.run('sudo unlink prod-maintenance.html')


@task
def productioncollect(ctx):
    env_command = '. /home/django/sites/www.<servername>.com/www/bin/activate'

    conn = Connection(ctx.host, ctx.user, connect_kwargs=ctx.connect_kwargs)
    with conn.cd('/home/django/sites/www.<servername>.com/src/project/'):
        conn.run(env_command + '&&' + 'python manage.py collectstatic --no-input')

Answer 1

您是否能夠使用帶有該密鑰的 openssh 客戶端將 ssh 發送到服務器？ output 表明你的密鑰不能用於簽名，這是我以前從未見過的。

此外，測試密鑰是否對簽名有效，如下所示：

redkrieg@cortex-0:~$ echo "signme" > testfile
redkrieg@cortex-0:~$ ssh-keygen -Y sign -f cf_key -n testsigning testfile
Signing file testfile
Write signature to testfile.sig

確保 testfile.sig 中有一個 SSH SIGNATURE 塊。