Unable to ping a remote user with Ansible


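Question:

From the control machine (user CtrlNode) I am trying to connect to a remote machine. When I try to connect to the user (rhelnode1) on the remote machine, I get the error message "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)".

  • I have changed the SSH server configuration file on (rhelnode1) and restarted the server

  • I have added the remote user (rhelnode1) to the visudo file

  • I have added the host (CtrlNode) public key on the remote machine (rhelnode1), with permissions of (700) for ".ssh" and (600) for "authorized_keys"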


ctrlnode@ip--XX-XX-XXX:~$ cd .ssh


**ctrlnode@ip-XX-XX-XX-XXX:~/.ssh$ cat id_rsa.pub** 


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDATfN6+GAr+XTt/qW8YxS1mBZSXHiaoOnH5iDcVkGbylHORZyOjpxpQtbBFV3LoeAmwudz6mhEgd2JTt5UzBU7Hbz0qkKVjb+4R1iiHQlqoGs57MyHBdoiYnNVThyRbS9nIOseMPK5vdYr8OhPawPV9IqhWl6j1oWVNRd7olbPzUccsrAfrmUxI9cNI+c2m6ZqzEdCvb2DtklHM6tBL9J0oOoT2BHvatZd58WKoJnKh9z2Om/ymwTq4FMRxZszhoskhqXA6s9GFnManWeFpgaF+wZlp0YG1zrKyKSkqoBWxayZOFSAJJeMQAkkczwo/M0B8KXHbkXtQ1tfVLCTT8Pr ctrlnode@ip-XX-XX-XX-XXX


ctrlnode@ip-XX-XX-XX-XXX:~/.ssh$ 


ctrlnode@ip-XX-XX-XX-XXX:~/.ssh$ cd ..


**ctrlnode@ip-XX-XX-XX-XXX:~$ ssh rhelnode1@XX-XX-XX-XXX**


rhelnode1@XX-XX-XX-XXX's password: 


Last login: Wed Feb 13 09:51:37 2019 from ip-XX-XX-XX-XXX.us-east-2.compute.internal


[rhelnode1@ip-XX-XX-XX-XXX ~]$ 


[rhelnode1@ip-XX-XX-XX-XXX ~]$ 


[rhelnode1@ip-XX-XX-XX-XXX ~]$ ls -la .ssh/


total 4


drwx------. 2 rhelnode1 rhelnode1 29 Feb 10 06:01 .


drwx------. 4 rhelnode1 rhelnode1 127 Feb 10 06:23 ..


-rw-------. 1 rhelnode1 rhelnode1 406 Feb 10 06:01 authorized_keys


[rhelnode1@ip-XX-XX-XX-XXX ~]$ cd .ssh


**[rhelnode1@ip-XX-XX-XX-XXX .ssh]$ cat authorized_keys**


sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDATfN6+GAr+XTt/qW8YxS1mBZSXHiaoOnH5iDcVkGbylHORZyOjpxpQtbBFV3LoeAmwudz6mhEgd2JTt5UzBU7Hbz0qkKVjb+4R1iiHQlqoGs57MyHBdoiYnNVThyRbS9nIOseMPK5vdYr8OhPawPV9IqhWl6j1oWVNRd7olbPzUccsrAfrmUxI9cNI+c2m6ZqzEdCvb2DtklHM6tBL9J0oOoT2BHvatZd58WKoJnKh9z2Om/ymwTq4FMRxZszhoskhqXA6s9GFnManWeFpgaF+wZlp0YG1zrKyKSkqoBWxayZOFSAJJeMQAkkczwo/M0B8KXHbkXtQ1tfVLCTT8Pr ctrlnode@ip-XX-XX-XX-XXX


[rhelnode1@ip-XX-XX-XX-XXX .ssh]$ cd ..


[rhelnode1@ip-XX-XX-XX-XXX ~]$ ls -la


total 20


drwx------. 4 rhelnode1 rhelnode1 127 Feb 10 06:23 .


drwxr-xr-x. 4 root root 39 Feb 7 08:43 ..


drwx------. 3 rhelnode1 rhelnode1 17 Feb 10 06:23 .ansible


-rw-------. 1 rhelnode1 rhelnode1 1947 Feb 13 09:53 .bash_history


-rw-r--r--. 1 rhelnode1 rhelnode1 18 May 22 2018 .bash_logout


-rw-r--r--. 1 rhelnode1 rhelnode1 193 May 22 2018 .bash_profile


-rw-r--r--. 1 rhelnode1 rhelnode1 231 May 22 2018 .bashrc


**drwx------. 2 rhelnode1 rhelnode1 29 Feb 10 06:01 .ssh**



Actual output

When I try to ping the remote machine (rhelnode1), it shows:


my ctrlnode@ip-xxx-xx-xx-xxx:~$ ansible -m ping web1 -vv -K


 ansible 2.7.6


 config file = /etc/ansible/ansible.cfg


 configured module search path = [u'/home/ctrlnode/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']


 ansible python module location = /usr/lib/python2.7/dist-packages/ansible


 executable location = /usr/bin/ansible


 python version = 2.7.15rc1 (default, Nov 12 2018, 14:31:15) [GCC 7.3.0]


 Using /etc/ansible/ansible.cfg as config file


 SUDO password: 


/etc/ansible/hosts did not meet host_list requirements, check plugin documentation if this is unexpected


/etc/ansible/hosts did not meet script requirements, check plugin documentation if this is unexpected


 META: ran handlers


 web1 | UNREACHABLE! => {


"changed": false, 


"msg": "Failed to connect to the host via ssh: rhelnode1@xxx.xx.xx.xx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 


"unreachable": true



Here is the output when I do a normal ssh:


ctrlnode@ip-XXX-XX-XX-XXX:~$ ssh rhelnode1@XXX.XX.XX.XX -vvv


OpenSSH_7.6p1 Ubuntu-4ubuntu0.2, OpenSSL 1.0.2n 7 Dec 2017


debug1: Reading configuration data /etc/ssh/ssh_config


debug1: /etc/ssh/ssh_config line 19: Applying options for *


debug2: resolving "172.31.28.59" port 22


debug2: ssh_connect_direct: needpriv 0


debug1: Connecting to 172.31.28.59 [172.31.28.59] port 22.


debug1: Connection established.


debug1: identity file /home/ctrlnode/.ssh/id_rsa type 0


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_rsa-cert type -1


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_dsa type -1


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_dsa-cert type -1


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_ecdsa type -1


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_ecdsa-cert type -1


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_ed25519 type -1


debug1: key_load_public: No such file or directory


debug1: identity file /home/ctrlnode/.ssh/id_ed25519-cert type -1


debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.2


debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4


debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000


debug2: fd 3 setting O_NONBLOCK


debug1: Authenticating to 172.31.28.59:22 as 'rhelnode1'


debug3: hostkeys_foreach: reading file "/home/ctrlnode/.ssh/known_hosts"


debug3: record_hostkey: found key type ECDSA in file /home/ctrlnode/.ssh/known_hosts:1


debug3: load_hostkeys: loaded 1 keys from 172.31.28.59


debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521


debug3: send packet: type 20


debug1: SSH2_MSG_KEXINIT sent


debug3: receive packet: type 20


debug1: SSH2_MSG_KEXINIT received


debug2: local client KEXINIT proposal


debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c


debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa


debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com


debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com


debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1


debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1


debug2: compression ctos: none,zlib@openssh.com,zlib


debug2: compression stoc: none,zlib@openssh.com,zlib


debug2: languages ctos: 


debug2: languages stoc: 


debug2: first_kex_follows 0 


debug2: reserved 0 


debug2: peer server KEXINIT proposal


debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1


debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519


debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc


debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc


debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1


debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1


debug2: compression ctos: none,zlib@openssh.com


debug2: compression stoc: none,zlib@openssh.com


debug2: languages ctos: 


debug2: languages stoc: 


debug2: first_kex_follows 0 


debug2: reserved 0 


debug1: kex: algorithm: curve25519-sha256


debug1: kex: host key algorithm: ecdsa-sha2-nistp256


debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none


debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none


debug3: send packet: type 30


debug1: expecting SSH2_MSG_KEX_ECDH_REPLY


debug3: receive packet: type 31


debug1: Server host key: ecdsa-sha2-nistp256 SHA256:w9M1+cFv0rbxejLMIflyYxeH7YH+Zopp/uZ2JkDrIEA


debug3: hostkeys_foreach: reading file "/home/ctrlnode/.ssh/known_hosts"


debug3: record_hostkey: found key type ECDSA in file /home/ctrlnode/.ssh/known_hosts:1


debug3: load_hostkeys: loaded 1 keys from XXX.XX.XX.XX


debug1: Host '172.31.28.59' is known and matches the ECDSA host key.


debug1: Found key in /home/ctrlnode/.ssh/known_hosts:1


debug3: send packet: type 21


debug2: set_newkeys: mode 1


debug1: rekey after 134217728 blocks


debug1: SSH2_MSG_NEWKEYS sent


debug1: expecting SSH2_MSG_NEWKEYS


debug3: receive packet: type 21


debug1: SSH2_MSG_NEWKEYS received


debug2: set_newkeys: mode 0


debug1: rekey after 134217728 blocks


debug2: key: /home/ctrlnode/.ssh/id_rsa (0x56113dd7eb30)


debug2: key: /home/ctrlnode/.ssh/id_dsa ((nil))


debug2: key: /home/ctrlnode/.ssh/id_ecdsa ((nil))


debug2: key: /home/ctrlnode/.ssh/id_ed25519 ((nil))


debug3: send packet: type 5


debug3: receive packet: type 7


debug1: SSH2_MSG_EXT_INFO received


debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>


debug3: receive packet: type 6


debug2: service_accept: ssh-userauth


debug1: SSH2_MSG_SERVICE_ACCEPT received


debug3: send packet: type 50


debug3: receive packet: type 51


debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password


debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password


debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password


debug3: authmethod_lookup gssapi-keyex


debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password


debug3: authmethod_is_enabled gssapi-keyex


debug1: Next authentication method: gssapi-keyex


debug1: No valid Key exchange context


debug2: we did not send a packet, disable method


debug3: authmethod_lookup gssapi-with-mic


debug3: remaining preferred: publickey,keyboard-interactive,password


debug3: authmethod_is_enabled gssapi-with-mic


debug1: Next authentication method: gssapi-with-mic


debug1: Unspecified GSS failure. Minor code may provide more information


No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1001)



debug1: Unspecified GSS failure. Minor code may provide more information


No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1001)



debug2: we did not send a packet, disable method


debug3: authmethod_lookup publickey


debug3: remaining preferred: keyboard-interactive,password


debug3: authmethod_is_enabled publickey


debug1: Next authentication method: publickey


debug1: Offering public key: RSA SHA256:dVjr8XK2ga8RdRl1PlsiTz7qBrEGL+cy2CpNXAegHic /home/ctrlnode/.ssh/id_rsa


debug3: send_pubkey_test


debug3: send packet: type 50


debug2: we sent a publickey packet, wait for reply


debug3: receive packet: type 51


debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password


debug1: Trying private key: /home/ctrlnode/.ssh/id_dsa


debug3: no such identity: /home/ctrlnode/.ssh/id_dsa: No such file or directory


debug1: Trying private key: /home/ctrlnode/.ssh/id_ecdsa


debug3: no such identity: /home/ctrlnode/.ssh/id_ecdsa: No such file or directory


debug1: Trying private key: /home/ctrlnode/.ssh/id_ed25519


debug3: no such identity: /home/ctrlnode/.ssh/id_ed25519: No such file or directory


debug2: we did not send a packet, disable method


debug3: authmethod_lookup password


debug3: remaining preferred: ,password


debug3: authmethod_is_enabled password


debug1: Next authentication method: password


rhelnode1@XXX.XX.XX.XX's password: 


debug3: send packet: type 50


debug2: we sent a password packet, wait for reply


debug3: receive packet: type 52


debug1: Authentication succeeded (password).


Authenticated to XXX.XX.XX.XX ([XXX.XX.XX.XX]:22).


debug1: channel 0: new [client-session]


debug3: ssh_session2_open: channel_new: 0


debug2: channel 0: send open


debug3: send packet: type 90


debug1: Requesting no-more-sessions@openssh.com


debug3: send packet: type 80


debug1: Entering interactive session.


debug1: pledge: network


debug3: receive packet: type 80


debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0


debug3: receive packet: type 91


debug2: channel_input_open_confirmation: channel 0: callback start


debug2: fd 3 setting TCP_NODELAY


debug3: ssh_packet_set_tos: set IP_TOS 0x10


debug2: client_session2_setup: id 0


debug2: channel 0: request pty-req confirm 1


debug3: send packet: type 98


debug1: Sending environment.


debug3: Ignored env LS_COLORS


debug3: Ignored env LESSCLOSE


debug1: Sending env LANG = C.UTF-8


debug2: channel 0: request env confirm 0


debug3: send packet: type 98


debug3: Ignored env USER


debug3: Ignored env PWD


debug3: Ignored env HOME


debug3: Ignored env XDG_DATA_DIRS


debug3: Ignored env MAIL


debug3: Ignored env SHELL


debug3: Ignored env TERM


debug3: Ignored env SHLVL


debug3: Ignored env LOGNAME


debug3: Ignored env PATH


debug3: Ignored env LESSOPEN


debug3: Ignored env _


debug2: channel 0: request shell confirm 1


debug3: send packet: type 98


debug2: channel_input_open_confirmation: channel 0: callback done


debug2: channel 0: open confirm rwindow 0 rmax 32768


debug3: receive packet: type 99


debug2: channel_input_status_confirm: type 99 id 0


debug2: PTY allocation request accepted on channel 0


debug2: channel 0: rcvd adjust 2097152


debug3: receive packet: type 99


debug2: channel_input_status_confirm: type 99 id 0


debug2: shell request accepted on channel 0


Last login: Wed Feb 13 06:59:33 2019


[rhelnode1@ip-xxx-xx-xx-xx ~]$ debug2: client_check_window_change: changed


debug2: channel 0: request window-change confirm 0


debug3: send packet: type 98


[rhelnode1@ip-xxx-xx-xx-xx ~]$




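Answer 1:

authorized_keys is used for incoming connections. It is there to verify the incoming connection of a user.

The authorized_keys file in SSH specifies the SSH keys that can be used to log in to the user account for which the file is configured.

Basically, it comes down to the user being able to prove he knows the private key, with the public key being in the account's authorized list (~/.ssh/authorized_keys on the server).

Could you share the output of a manual ssh attempt (but with verbose output) to the remote host?

ssh rhelnode1@xxx.xx.xx.xx -vvv

Edit:

To make sure all the files on the remote machine are correct, use ssh-copy-id user@device; once it has authenticated successfully, the next SSH attempts will use it.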


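Answer 2:

According to the log "no such identity: /home/ctrlnode/.ssh/id_dsa: No such file or directory", you did not copy the public key of the user "CtrlNode" to the target machine correctly. Copy the public key into the authorized_keys file under the /home/rhelnode1/.ssh folder.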
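
An added example, not part of either answer or of the original page: a Python check for the situation both answers discuss, a public key that may not have arrived intact in `authorized_keys`. In the session above, the `authorized_keys` line as pasted begins with `sh-rsa` while `id_rsa.pub` begins with `ssh-rsa`. The sample key is constructed, and `check_line`, `ssh_string` and `KNOWN_TYPES` are names chosen for this sketch.

```python
import base64
import hashlib
import struct

# Key type names that can start the key field (common ones, not exhaustive).
KNOWN_TYPES = {
    "ssh-rsa", "ssh-ed25519", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(data)) + data

def check_line(line: str):
    """Return (status, detail) for one authorized_keys line.

    status is 'ok', 'skip' or 'bad'. For 'ok', detail is the SHA256
    fingerprint in the form ssh -v prints after "Offering public key".
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return ("skip", "")
    fields = line.split()
    # Options may precede the key type, so look for the first known type.
    idx = next((i for i, f in enumerate(fields) if f in KNOWN_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return ("bad", "no recognised key type or key data (first field %r)" % fields[0])
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        embedded = blob[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return ("bad", "key data is not a valid base64 SSH blob")
    if embedded != fields[idx]:
        return ("bad", "declared %s but blob says %s" % (fields[idx], embedded))
    digest = hashlib.sha256(blob).digest()
    return ("ok", "SHA256:" + base64.b64encode(digest).decode().rstrip("="))

# Constructed sample key (tiny, not a usable key): type, exponent, modulus.
BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 8)
GOOD = "ssh-rsa %s ctrlnode@example" % base64.b64encode(BLOB).decode()
TRUNCATED = GOOD[1:]  # first character lost in a copy/paste: "sh-rsa ..."

if __name__ == "__main__":
    for name, line in (("id_rsa.pub", GOOD), ("authorized_keys", TRUNCATED)):
        print(name, check_line(line))
```

For a line that passes, the returned fingerprint can be compared with the one in the client's `Offering public key: RSA SHA256:...` debug line to confirm that the server holds the same key the client offers.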


