0

我正在尝试为我的 ROR 网站对 EC2 实例(Amazon 映像)执行“cap ec2onrails:setup”,但无论我做什么,身份验证都会不断要求我输入密码。我已经尝试了我在这个论坛和/或其他论坛中读到的几乎所有内容:

  • 将公钥从 ~/.ssh 复制到 ec2-user@_.sa-east-1.compute.amazonaws.com:/home/ec2-user/.ssh/authorized_keys2 (或authorized_keys)
  • 使用 Amazon 管理控制台生成私钥,然后将公钥从服务器复制到我的机器
  • 使用 ssh-add -l 添加这些密钥中的任何一个
  • 使用 ssh-keychain 生成新密钥
  • 使用我机器中已有的公钥/私钥集(id_rsa & id_rsa.pub)
  • 按照上述 ^^ 约定命名键
  • chmod 400 用于 ~/.ssh 中的键
  • 将键移动到 ~/.ec2
  • 设置环境变量,如此处所述

笔记:

  • 使用 ssh 和 AWS .pem 密钥连接到服务器就可以了
  • 我如何在“ssh_options”中设置“keys”值并不重要,Capistrano 似乎总是忽略它。但是,它不会忽略 ssh-add -l 中列出的键

这是我尝试设置关键路径的方法

set :ssh_options, {:keys => ["/Users/dalef/.ssh/pk"]}

这是我最新测试的输出代码,使用详细输出

Damians-MacBook-Pro:test dalef$ cap ec2onrails:setup
[Deprecation Warning] This API has changed, please hook `deploy:create_symlink` instead of `deploy:symlink`.
  * 2013-03-20 20:10:52 executing `ec2onrails:setup'
  * 2013-03-20 20:10:52 executing `ec2onrails:server:update_hostname'
  * executing "sudo -p 'sudo password: ' /usr/local/ec2onrails/bin/update_hostname"
    servers: ["___.sa-east-1.compute.amazonaws.com"]
D, [2013-03-20T20:10:52.471872 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: establishing connection to ___.sa-east-1.compute.amazonaws.com:22
D, [2013-03-20T20:10:52.539934 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: connection established
I, [2013-03-20T20:10:52.540236 #2647]  INFO -- net.ssh.transport.server_version[3fe825c45728]: negotiating protocol version
D, [2013-03-20T20:10:52.591866 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: remote is `SSH-2.0-OpenSSH_5.3'
D, [2013-03-20T20:10:52.591965 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: local is `SSH-2.0-Ruby/Net::SSH_2.6.6 x86_64-darwin12.2.0'
D, [2013-03-20T20:10:52.635419 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 784 bytes
D, [2013-03-20T20:10:52.635555 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 0 type 20 len 780
I, [2013-03-20T20:10:52.635654 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: got KEXINIT from server
I, [2013-03-20T20:10:52.635844 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: sending KEXINIT
D, [2013-03-20T20:10:52.636042 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 0 type 20 len 1620
D, [2013-03-20T20:10:52.636141 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 1624 bytes
I, [2013-03-20T20:10:52.636196 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: negotiating algorithms
D, [2013-03-20T20:10:52.636319 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2013-03-20T20:10:52.636373 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: exchanging keys
D, [2013-03-20T20:10:52.636563 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 1 type 34 len 20
D, [2013-03-20T20:10:52.636613 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.738438 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 152 bytes
D, [2013-03-20T20:10:52.738637 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 1 type 31 len 148
D, [2013-03-20T20:10:52.744324 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 2 type 32 len 140
D, [2013-03-20T20:10:52.744468 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 144 bytes
D, [2013-03-20T20:10:52.790733 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 720 bytes
D, [2013-03-20T20:10:52.790938 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 2 type 33 len 700
D, [2013-03-20T20:10:52.795329 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 3 type 21 len 20
D, [2013-03-20T20:10:52.795447 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.795542 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 3 type 21 len 12
D, [2013-03-20T20:10:52.795871 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: beginning authentication of `admin'
D, [2013-03-20T20:10:52.796008 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 4 type 5 len 28
D, [2013-03-20T20:10:52.796071 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 52 bytes
D, [2013-03-20T20:10:52.944233 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.944626 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 4 type 6 len 28
D, [2013-03-20T20:10:52.945125 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: trying publickey
D, [2013-03-20T20:10:52.945906 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: connecting to ssh-agent
D, [2013-03-20T20:10:52.946221 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 1 len 51
D, [2013-03-20T20:10:52.946460 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 2 len 5
D, [2013-03-20T20:10:52.946578 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 11 len 0
D, [2013-03-20T20:10:52.946859 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 12 len 294
D, [2013-03-20T20:10:52.947478 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c)
D, [2013-03-20T20:10:52.947821 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 5 type 50 len 348
D, [2013-03-20T20:10:52.947994 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:52.993286 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.993497 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 5 type 51 len 28
D, [2013-03-20T20:10:52.993717 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
D, [2013-03-20T20:10:52.993904 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2)
D, [2013-03-20T20:10:52.994095 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 6 type 50 len 348
D, [2013-03-20T20:10:52.994202 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:53.035308 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:53.035556 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 6 type 51 len 28
D, [2013-03-20T20:10:53.035693 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
E, [2013-03-20T20:10:53.035782 #2647] ERROR -- net.ssh.authentication.session[3fe826273f28]: all authorization methods failed (tried publickey)
Password:

这是我最新测试的密钥列表(只是我从服务器检索到的那个)

Damians-MacBook-Pro:test dalef$ ssh-add -l
2048 b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c pk (RSA)

有什么我想念的吗?我已经接近尝试基于密码的身份验证了。

谢谢!!

更新

仍在尝试替代方案。我还通过与 AWS 密钥指纹和授权密钥进行比较来确保我使用了正确的密钥

From Amazon:
dalef 90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14

Damians-MacBook-Pro:.ssh dalef$ ec2-fingerprint-key dalef
90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14
Damians-MacBook-Pro:.ssh dalef$ ssh-add dalef
Identity added: dalef (dalef)
Damians-MacBook-Pro:.ssh dalef$ ssh-add -l
2048 40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2 id_rsa (RSA)
2048 e6:02:1a:a4:2a:f9:63:4a:b7:de:66:60:f2:fa:0c:b4 dalef (RSA)


[ec2-user@___ .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcfgMIAbEfNAiSgi4zXsObR1zGPHzVbff2suB/J2rLVgr5XNfLhf+kTRzTij0IWsutYj45j/eI87xC912WYtNG2An8262JwqRJZfwbnfDHMjwPQRwlDNjgGWRZwl8x9HO1V7EmBCaEEpeXg0ogbdhM386f/TTdWdUOofSqTEjuN2Nk73OHirPAj7MuWSGwGAwKCS4In2KbGAP/hk0c/PsCx52J+zjp2lteEaA9qWIovQggRw73dAqV++czMwCx2+7GMGxGx21fgSH4cYZ7Q6XxAxBkmsO7yoKZHUFj5QobSJ1TVh7N/61bFInt6Ua6btTXC7jwaATzkOBkv/rwLgtN **dalef**

仍然要求输入密码。

更新 我的设置一定有问题。我尝试允许密码连接,但这也不起作用。我是否需要开始考虑 Capistrano 替代品?

这是日志

[ec2-user@___ ~]$ sudo vi /etc/ssh/sshd_config 
PasswordAuthentication yes
[ec2-user@___ ~]$ sudo passwd ec2-user
Changing password for user ec2-user.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[ec2-user@___ ~]$ exit
...
E, [2013-03-21T00:31:02.582111 #3739] ERROR -- net.ssh.authentication.session[3fd0f6e21178]: all authorization methods failed (tried password)
connection failed for: admin@___.sa-east-1.compute.amazonaws.com (Net::SSH::AuthenticationFailed: admin)

从这些日志中,我假设 Capistrano 正在尝试以管理员身份登录。如何将其更改为 ec2-user?(我已经尝试在 deploy.rb 中设置:user,“ec2-user”)

4

1 回答 1

2

所以经过大量阅读,我找到了解决方案。这为我指明了正确的方向:https ://serverfault.com/questions/55343/cant-get-ssh-public-key-authentication-to-work

主要问题是我不知道自己在做什么。所以无论如何,如果有人对我提出的解决方案感兴趣:

  • 不知何故,Capistrano 总是使用一个管理员用户,除了你设置的那个,所以我创建了一个。您可以继续执行以下步骤:http ://aws.amazon.com/articles/1233
  • 我使用 ssh-keygen -b 1024 -f ec2admin -t dsa 创建了自己的一组 pub/private 密钥
  • 我使用 scp 将 ec2admin.pub 文件复制到服务器中的 /home/admin/.ssh
  • 我将 pub 内容附加到服务器中的 /home/admin/.ssh/authorized_keys 文件中
  • 然后它真的有助于阅读 sshd 日志:/var/log/secure (YMMV)

  • 最后解决了 /home 的三个错误权限:

    chmod 700 /home/.ssh

    chmod 600 /home/.ssh/*

    chmod 755 /home/admin

这就是诀窍。我现在可以不用密码登录了。谢谢你的帮助!

于 2013-03-26T01:56:56.353 回答