3

我让 Jenkins 在我的本地机器上运行,试图找出我在服务器上遇到的远程 ssh 问题。我收到此权限被拒绝错误,这表明密钥有问题,但从 shell 上的同一用户帐户,我绝对可以连接。

Started by user anonymous
Building in workspace /Users/jgoodwin/jenkins/workspace/app
[postprocessor] $ /bin/sh -xe /var/folders/b0/h_wtmzss6cx11p6153y9h2cr0000gn/T/hudson4163212101874527747.sh
+ echo /Users/jgoodwin
/Users/jgoodwin
+ whoami
jgoodwin
+ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Finished: FAILURE

这是在 shell 上运行的:

Jasons-MacBook-Air:~ jgoodwin$ echo $HOME
/Users/jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ whoami
jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server 'echo success'
success

我很困惑——过去我和哈德森一起做过很多工作,我认为我在做这类工作时没有任何问题。该错误表明密钥有问题,但它们显然很好。

编辑:

根据请求的详细日志

OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ed:d4:92:3f:33:bd:dd:b9:eb:d1:b2:19:4c:f1:70:e9
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure

编辑:成功尝试添加 8/15

OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 40:bf:b5:74:1c:5f:b6:93:00:4b:ca:1d:fc:0f:39:ec
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to hostname ([54.226.250.218]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
Last login: Thu Aug 15 13:09:32 2013 from 66.199.39.230
4

5 回答 5

10

多种原因可能导致此行为,例如使用代理/钥匙串管理器进行密钥缓存等。

我建议使用 -v 参数来比较 2 个输出:

ssh -v -i /Users/jgoodwin/.ssh/id_rsa remoteuser@server

这将使您以更详细的方式比较正在发生的事情。如果您仍然无法解决它,请发布您的详细输出以进行比较。

注意:您最多可以添加 3 个 -v 参数以增加详细程度。

更新

@JasonG 从我看到的失败细节是:

debug1:提供 RSA 公钥:/Users/jgoodwin/.ssh/id_rsa debug1:服务器接受密钥:pkalg ssh-rsa blen 279 debug1:key_parse_private_pem:PEM_read_PrivateKey 失败 debug1:读取 PEM 私钥完成:键入 debug1:read_passphrase:不能打开 /dev/tty:设备未配置

看起来您的密钥有一个密码,并且无法输入密码,因为我们不在交互式 shell 中。您的标准 shell 中的命令行可能会受益于 Keycahin,它会为您“输入密码”。

如果您可以为成功的命令生成相同的详细程度,以便我们可以比较......

于 2013-08-12T18:02:44.117 回答
1

Jenkins 运行 shell 脚本与环境中的 cmd 行略有不同

您的情况存在一些环境差异,我们没有注意到。像初始脚本,路径设置。

除了@coffeebreaks提供的方法,试试下面

  • 检查系统环境,如 show 命令env
  • 将上述步骤写入 bash 脚本并在 cmd 行和 jenkins 作业中运行脚本
  • 使用另一个用户而不是启动 jenkins 实例的初始用户
于 2013-08-14T00:29:23.860 回答
0

看起来 /Users/jgoodwin/.ssh/id_rsa.pub 下缺少公钥,而不是 id_rsa 那里....您能否仔细检查并为该文件提供权限 600 并重新运行您的詹金斯作业

debug1:提供 RSA 公钥:/Users/jgoodwin/.ssh/id_rsa debug1:服务器接受密钥:pkalg ssh-rsa blen 279 debug1:key_parse_private_pem:PEM_read_PrivateKey 失败

于 2020-11-24T17:52:24.700 回答
0

在我的情况下,我使用的是一个钥匙串(正如@coffeebreaks 建议的那样),当我在 jenkins 用户 .bashrc 文件中获取时正在设置它。不幸的是,jenkins 后端似乎不像标准 shell 登录那样获取这个文件。

解决方案是在 Jenkins 管道中的 scp 调用之前添加以下代码:

. ~/.bashrc
于 2019-01-22T21:12:47.137 回答