windows server 2016 使用 git ssh(主機密鑰驗證失敗)

Question

我可以在 temp_npp 用戶下的 CMD 中執行此操作。但是，在 PHP exec 中執行時，它返回錯誤。 我在遠程訪問 PHP 時打印的用戶與我在執行 CMD 時打印的用戶不同。但我也將相關的。Z1787D7646304C5D987CF4E64A3973DC7 文件放在遠程執行目錄中。

這是代碼

$pro_dir = __DIR__;
$pro_dir  = iconv('utf-8', 'gb2312', $pro_dir);
echo $pro_dir;
echo "<br/>";
chdir($pro_dir);
echo "<br/>";
echo getcwd();
echo "<br/>";
echo shell_exec('echo %username% 2>&1');
echo "<br/>";
echo shell_exec('echo %userprofile% 2>&1');
echo shell_exec('echo %HOMEDRIVE% 2>&1');
echo shell_exec('echo %SYSTEMDRIVE% 2>&1');

$ssh = "\"F:\Program Files\OpenSSH\bin\ssh.exe\"  -vvv git@gitee.com 2>&1";
exec($ssh,$out2);
echo "<br/>";
print_r($out2);
$shell = "\"F:\Program Files\Git\bin\git.exe\" pull 2>&1";
exec($shell,$out);
echo "<br/>";
print_r($out);

這是結果

WechatDatabase$ 
<br/>C:\Windows\system32\config\systemprofile 
%HOMEDRIVE% 
C: 
<br/>Array
(
    [0] => OpenSSH_8.4p1, OpenSSL 1.1.1f  31 Mar 2020
    [1] => Pseudo-terminal will not be allocated because stdin is not a terminal.
    [2] => debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/.ssh/known_hosts'
    [3] => debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/.ssh/known_hosts2'
    [4] => debug2: resolving "gitee.com" port 22
    [5] => debug2: ssh_connect_direct
    [6] => debug1: Connecting to gitee.com [180.97.125.228] port 22.
    [7] => debug1: Connection established.
    [8] => debug1: identity file /.ssh/id_rsa type 0
    [9] => debug1: identity file /.ssh/id_rsa-cert type -1
    [10] => debug1: identity file /.ssh/id_dsa type -1
    [11] => debug1: identity file /.ssh/id_dsa-cert type -1
    [12] => debug1: identity file /.ssh/id_ecdsa type -1
    [13] => debug1: identity file /.ssh/id_ecdsa-cert type -1
    [14] => debug1: identity file /.ssh/id_ecdsa_sk type -1
    [15] => debug1: identity file /.ssh/id_ecdsa_sk-cert type -1
    [16] => debug1: identity file /.ssh/id_ed25519 type -1
    [17] => debug1: identity file /.ssh/id_ed25519-cert type -1
    [18] => debug1: identity file /.ssh/id_ed25519_sk type -1
    [19] => debug1: identity file /.ssh/id_ed25519_sk-cert type -1
    [20] => debug1: identity file /.ssh/id_xmss type -1
    [21] => debug1: identity file /.ssh/id_xmss-cert type -1
    [22] => debug1: Local version string SSH-2.0-OpenSSH_8.4
    [23] => debug1: Remote protocol version 2.0, remote software version Basalt-3.0.0
    [24] => debug1: no match: Basalt-3.0.0
    [25] => debug2: fd 3 setting O_NONBLOCK
    [26] => debug1: Authenticating to gitee.com:22 as 'git'
    [27] => debug3: send packet: type 20
    [28] => debug1: SSH2_MSG_KEXINIT sent
    [29] => debug3: receive packet: type 20
    [30] => debug1: SSH2_MSG_KEXINIT received
    [31] => debug2: local client KEXINIT proposal
    [32] => debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
    [33] => debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    [34] => debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [35] => debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [36] => debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    [37] => debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    [38] => debug2: compression ctos: none,zlib@openssh.com,zlib
    [39] => debug2: compression stoc: none,zlib@openssh.com,zlib
    [40] => debug2: languages ctos:
    [41] => debug2: languages stoc:
    [42] => debug2: first_kex_follows 0
    [43] => debug2: reserved 0
    [44] => debug2: peer server KEXINIT proposal
    [45] => debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
    [46] => debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
    [47] => debug2: ciphers ctos: aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
    [48] => debug2: ciphers stoc: aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
    [49] => debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
    [50] => debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
    [51] => debug2: compression ctos: none
    [52] => debug2: compression stoc: none
    [53] => debug2: languages ctos:
    [54] => debug2: languages stoc:
    [55] => debug2: first_kex_follows 0
    [56] => debug2: reserved 0
    [57] => debug1: kex: algorithm: curve25519-sha256@libssh.org
    [58] => debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    [59] => debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    [60] => debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    [61] => debug3: send packet: type 30
    [62] => debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    [63] => debug3: receive packet: type 31
    [64] => debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FQGC9Kn/eye1W8icdBgrQp+KkGYoFgbVr17bmjey0Wc
    [65] => debug1: read_passphrase: can't open /dev/tty: No such device or address
    [66] => Host key verification failed.
)
<br/>Array
(
    [0] => Host key verification failed.
    [1] => fatal: Could not read from remote repository.
    [2] => 
    [3] => Please make sure you have the correct access rights
    [4] => and the repository exists.
)

Answer 1

read_passphrase: can't open /dev/tty

這表明私鑰受密碼保護，不能在非交互式 PHP session 中輸入。

為了測試，請嘗試在“遠程執行用戶的配置目錄”（他們的~/.ssh文件夾）中添加一個不帶密碼的私鑰，看看它是否有效。