Bash: Postponed publickey and SSH fails after a single attempt


I have a working SSH setup that uses publickey without any problems. Specifically, I use SCP -i to copy a file to a remote server, and it works fine.

scp -i /var/www/key/id_rsa /var/www/backups/example.dat living@example.com:/var/www/backups
That command line works fine when logged in as root or as living.

Here is an example of the debug output from a /usr/sbin/sshd -d test:

Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from X.X.X.X port 33166 on Y.Y.Y.Y port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "living"
debug1: PAM: setting PAM_RHOST to "FQDN_redacted"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
Postponed publickey for living from X.X.X.X port 33166 ssh2 [preauth]
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for living from X.X.X.X port 33166 ssh2: RSA 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: monitor_child_preauth: living has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
User child is on pid 2320
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1001/1001
debug1: Entering interactive session for SSH2.
My problem: when I run the same SCP command inside a PERL script (as a backtick bash command), it fails with the debug output below.

$x=`scp -i /var/www/keys/living/id_rsa /var/www/$RS->[$x][3].dat living\@$a:/var/www/`;
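I figure that if I could work out why the SCP command run from PERL only makes a single attempt, this problem might be solved.

Here is an example of the failing debug output from a /usr/sbin/sshd -d test: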

Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from X.X.X.X port 33208 on Y.Y.Y.Y port 22
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user living service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "living"
debug1: PAM: setting PAM_RHOST to "FQDN_redacted"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user living service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: temporarily_use_uid: 1001/1001 (e=0/0)
debug1: trying public key file /home/living/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
Found matching RSA key: 5a:c2:98:38:bf:b3:01:13:55:b0:3d:74:61:3f:b1:f3
debug1: restore_uid: 0/0
Postponed publickey for living from X.X.X.X port 33208 ssh2 [preauth]
Connection closed by X.X.X.X [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 2409

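The solution: the permissions on the private key file "id_rsa" were set to 0660 and had to be changed to 0600.

A noob error, masked by the fact that the SCP command was being run in PERL, with the backticks in a child of a PERL fork, using the following: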

 $|=1;$SIG{CHLD} = "IGNORE";

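This caused the debug output from the child process not to show up in the Apache error log, and there was no debug output on either the source or the destination server that exposed the problem.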
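A preflight check for the failure described in the answer above, as an added example that is not part of the original post: it refuses a private key with any group or other permission bits (0660 fails, 0600 passes) and keeps scp's stderr in a log file so that a detached child still leaves a trace. The names key_mode_ok, run_scp and SCP_LOG, and the default log path, are hypothetical.

```shell
#!/bin/sh
# Added example; function names, SCP_LOG and the log path are assumptions.

# key_mode_ok KEY: return 0 only if KEY exists and has no group/other bits.
key_mode_ok() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "private key not found: $key" >&2
        return 2
    fi
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    # 077 masks the group and other permission bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "key $key has mode $mode; expected 0600 or stricter" >&2
        return 1
    fi
    return 0
}

# run_scp KEY SRC DEST: check the key, then copy, logging all diagnostics.
run_scp() {
    key=$1 src=$2 dest=$3
    log=${SCP_LOG:-/tmp/scp-transfer.log}
    # A loose key is reported in the log and scp is never started.
    key_mode_ok "$key" 2>>"$log" || return $?
    # BatchMode makes ssh fail instead of prompting when there is no tty.
    scp -o BatchMode=yes -i "$key" "$src" "$dest" >>"$log" 2>&1
}

# Stand-alone use: script KEY SRC DEST
if [ "$#" -eq 3 ]; then
    run_scp "$@"
fi
```

Calling run_scp from the PERL child in place of the bare scp command leaves the reason for a refused key in the log even when the child's stderr never reaches the Apache error log.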


What does your script look like? My money would be on an interpolation/escaping/quoting issue.

$x=`scp -i /var/www/keys/living/id_rsa /var/www/$RS->[$x][3].dat living\@$a:/var/www/`;

Please edit that into your post.

Added to the post, above the second debug.

Adding that this backtick SCP command was working fine in the script may be relevant. The only thing that fundamentally changed is that it now runs as part of a child process that is forked from the parent, with $|=1; and $SIG{CHLD}="IGNORE"; set (because I need the parent to exit for user browser update reasons).