通过GitHub操作上的SSH进行自连接
我找不到在GH操作上使用正在运行的SSH服务器的方法。 当我试图通过ssh连接到通过GitHub操作上的SSH进行自连接,ssh,github-actions,Ssh,Github Actions,我找不到在GH操作上使用正在运行的SSH服务器的方法。 当我试图通过ssh连接到127.0.0.1时,有一个服务器,它会响应,但是 不知何故忽略了.ssh中的配置文件(或任何情况) 以下是我使用的脚本(一般设置似乎不会影响结果): ssh-keygen-t ed25519-f~/.ssh/whatever-N'' cat>~/.ssh/config这是一个权限问题。默认情况下,容器中主文件夹的权限太宽,ssh守护进程无法接受(world/others读/写),因此服务器端拒绝您的连接。删除主目录
127.0.0.1
时,有一个服务器,它会响应,但是
不知何故忽略了.ssh
中的配置文件(或任何情况)
以下是我使用的脚本(一般设置似乎不会影响结果):
ssh-keygen-t ed25519-f~/.ssh/whatever-N''
cat>~/.ssh/config这是一个权限问题。默认情况下,容器中主文件夹的权限太宽,ssh守护进程无法接受(world/others读/写),因此服务器端拒绝您的连接。删除主目录上的world/others读/写权限可修复此问题
要修复此问题,请在ssh调用之前将以下内容添加到脚本中。此命令删除主目录上的其他读/写权限:
chmod og rw~
证据:
name: ssh-example
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run a multi-line script
run: |
ssh-keygen -t ed25519 -f ~/.ssh/whatever -N ''
cat > ~/.ssh/config <<EOF
Host host.example
User $USER
HostName 127.0.0.1
IdentityFile ~/.ssh/whatever
EOF
echo -n 'from="127.0.0.1" ' | cat - ~/.ssh/whatever.pub > ~/.ssh/authorized_keys
echo "Before fixing permissions on authorized_keys, notice home directory is world read/write"
ls -la ~/.ssh
ssh -o 'StrictHostKeyChecking no' host.example id || echo "ssh failed as expected... trying to fix permissions"
chmod og-rw ~
echo "After fixing permissions on home folder ~ ..."
ls -la ~/.ssh
ssh -o 'StrictHostKeyChecking no' host.example id
被拒绝的权限可能由多个原因造成。
这是来自的代码
if(options.control\u master==SSHCTL\u master\u ASK||
options.control\u master==SSHCTL\u master\u AUTO\u ASK){
如果(!请求_权限(“允许共享到%s的连接?”,主机)){
debug2(“%s:会话被用户拒绝”,函数);
答复错误(答复、MUX\U S\U权限被拒绝、rid、,
“拒绝许可”);
这是由拒绝连接引起的
可能的原因
sshd守护进程,即ssh服务器未运行
用户没有ssh权限
只有root用户有ssh权限
检查
#systemctl status sshd.service | grep Active
也检查
#cat/etc/ssh/sshd_config
我不认为。ssh权限是个问题。
因为它们是由用户创建的。
用户权限掩码主要是755。这就是为什么没有相同用户的权限
到它自己的.ssh目录是非常不可能的
如果问题仍然存在,请务必通知我。您可以运行“ls-la”吗在您的.ssh目录上,以及要包含输出的问题上?它以前是空的,由创建的目录“/home/runner/.ssh.”
消息确认。
Wow的协议文档链接,我甚至没有想到它;它可以工作,谢谢。ssh不应该以某种方式告诉什么是错误的吗?比如在sshd日志中或在任何地方。是的,@Arusekk,通常是sshd日志中有一条非常明确的错误消息。不幸的是,我不知道Github Actions提供的服务器环境中sshd日志的位置。在我的传统系统上,sshd日志记录:Feb 25 06:29:49 hostname.local sshd[503891]:身份验证被拒绝:目录/home/testuser的所有权或模式错误
name: ssh-example
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run a multi-line script
run: |
ssh-keygen -t ed25519 -f ~/.ssh/whatever -N ''
cat > ~/.ssh/config <<EOF
Host host.example
User $USER
HostName 127.0.0.1
IdentityFile ~/.ssh/whatever
EOF
echo -n 'from="127.0.0.1" ' | cat - ~/.ssh/whatever.pub > ~/.ssh/authorized_keys
echo "Before fixing permissions on authorized_keys, notice home directory is world read/write"
ls -la ~/.ssh
ssh -o 'StrictHostKeyChecking no' host.example id || echo "ssh failed as expected... trying to fix permissions"
chmod og-rw ~
echo "After fixing permissions on home folder ~ ..."
ls -la ~/.ssh
ssh -o 'StrictHostKeyChecking no' host.example id
Generating public/private ed25519 key pair.
Created directory '/home/runner/.ssh'.
Your identification has been saved in /home/runner/.ssh/whatever.
Your public key has been saved in /home/runner/.ssh/whatever.pub.
The key fingerprint is:
SHA256:vKl342+LK4YP7Kj00Eqm1Jnst/7ED3Pzu/6TPOiHoUc runner@fv-az76
The key's randomart image is:
+--[ED25519 256]--+
| |
| |
| |
| . |
| S |
| o.o.. o E |
| .==. o*ooo = . |
|.=.+ +ooO.==.* |
|. oo=o==.=B@Boo |
+----[SHA256]-----+
Before fixing permissions on authorized_keys, notice home directory is world read/write
total 24
drwx------ 2 runner docker 4096 Feb 23 21:58 .
drwxrwxrwx 8 runner docker 4096 Feb 23 21:58 ..
-rw-r--r-- 1 runner docker 113 Feb 23 21:58 authorized_keys
-rw-r--r-- 1 runner docker 89 Feb 23 21:58 config
-rw------- 1 runner docker 411 Feb 23 21:58 whatever
-rw-r--r-- 1 runner docker 96 Feb 23 21:58 whatever.pub
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
runner@127.0.0.1: Permission denied (publickey,password).
ssh failed as expected... trying to fix permissions
After fixing permissions on home folder ~ ...
total 28
drwx------ 2 runner docker 4096 Feb 23 21:58 .
drwx--x--x 8 runner docker 4096 Feb 23 21:58 ..
-rw-r--r-- 1 runner docker 113 Feb 23 21:58 authorized_keys
-rw-r--r-- 1 runner docker 89 Feb 23 21:58 config
-rw-r--r-- 1 runner docker 222 Feb 23 21:58 known_hosts
-rw------- 1 runner docker 411 Feb 23 21:58 whatever
-rw-r--r-- 1 runner docker 96 Feb 23 21:58 whatever.pub
uid=1001(runner) gid=115(docker) groups=115(docker)