Self-connecting via SSH on GitHub Actions


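I can't find a way to use the running SSH server on GH Actions. When I try to connect via ssh to 127.0.0.1, there is a server, and it responds, but it somehow ignores the config files in .ssh (or whatever).

Here is the script I use (the general setup doesn't seem to affect the result):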

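ssh-keygen -t ed25519 -f ~/.ssh/whatever -N ''

cat > ~/.ssh/config

It's a permissions problem. By default, the permissions on the home folder in the container are too wide for the ssh daemon to accept (world/others read/write), so the server side rejects your connection. Removing the world/others read/write permissions on the home directory fixes the problem.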

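To fix this, add the following to your script before the ssh invocation. This command removes the others read/write permissions on the home directory:

chmod og-rw ~

Proof: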

name: ssh-example
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Run a multi-line script
      run: |
        ssh-keygen -t ed25519 -f ~/.ssh/whatever -N ''
        cat > ~/.ssh/config <<EOF
          Host host.example
           User $USER
           HostName 127.0.0.1
           IdentityFile ~/.ssh/whatever
        EOF
        echo -n 'from="127.0.0.1" ' | cat - ~/.ssh/whatever.pub > ~/.ssh/authorized_keys
        echo "Before fixing permissions on authorized_keys, notice home directory is world read/write"
        ls -la ~/.ssh
        ssh -o 'StrictHostKeyChecking no' host.example id || echo "ssh failed as expected... trying to fix permissions"
        chmod og-rw ~
        echo "After fixing permissions on home folder ~ ..."
        ls -la ~/.ssh
        ssh -o 'StrictHostKeyChecking no' host.example id

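Permission denied can be caused by several reasons. This is the code from

if (options.control_master == SSHCTL_MASTER_ASK ||
    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
        if (!ask_permission("Allow shared connection to %s? ", host)) {
                debug2("%s: session refused by user", __func__);
                reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
                    "Permission denied");

This is caused by the connection being refused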

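Possible causes

  • The sshd daemon, i.e. the ssh server, is not running
  • The user does not have ssh permission
  • Only the root user has ssh permission
  • Check

    # systemctl status sshd.service | grep Active

    Also check

    # cat /etc/ssh/sshd_config

I don't think the .ssh permissions are the problem, because they are created by the user. The user permission mask is mostly 755. That is why the same user not having permission to its own .ssh directory is very unlikely.

Please let me know if the problem still persists.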

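Can you run "ls -la" on your .ssh directory and edit the question to include the output?

It was empty before, as the "Created directory '/home/runner/.ssh'." message confirms.

Wow, a link to the protocol documentation, I didn't even think of it; it works, thanks. Shouldn't ssh somehow tell what is wrong? Like in the sshd logs or anywhere.

Yes, @Arusekk, normally there is a very clear error message in the sshd logs. Unfortunately, I don't know where the sshd logs are in the server environment provided by GitHub Actions. On my traditional system, the sshd log records:

    Feb 25 06:29:49 hostname.local sshd[503891]: Authentication refused: bad ownership or modes for directory /home/testuser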
    
    Generating public/private ed25519 key pair.
    Created directory '/home/runner/.ssh'.
    Your identification has been saved in /home/runner/.ssh/whatever.
    Your public key has been saved in /home/runner/.ssh/whatever.pub.
    The key fingerprint is:
    SHA256:vKl342+LK4YP7Kj00Eqm1Jnst/7ED3Pzu/6TPOiHoUc runner@fv-az76
    The key's randomart image is:
    +--[ED25519 256]--+
    |                 |
    |                 |
    |                 |
    |       .         |
    |        S        |
    |  o.o..  o E     |
    | .==. o*ooo = .  |
    |.=.+ +ooO.==.*   |
    |. oo=o==.=B@Boo  |
    +----[SHA256]-----+
    Before fixing permissions on authorized_keys, notice home directory is world read/write
    total 24
    drwx------ 2 runner docker 4096 Feb 23 21:58 .
    drwxrwxrwx 8 runner docker 4096 Feb 23 21:58 ..
    -rw-r--r-- 1 runner docker  113 Feb 23 21:58 authorized_keys
    -rw-r--r-- 1 runner docker   89 Feb 23 21:58 config
    -rw------- 1 runner docker  411 Feb 23 21:58 whatever
    -rw-r--r-- 1 runner docker   96 Feb 23 21:58 whatever.pub
    Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
    Permission denied, please try again.
    Permission denied, please try again.
    runner@127.0.0.1: Permission denied (publickey,password).
    ssh failed as expected... trying to fix permissions
    After fixing permissions on home folder ~ ...
    total 28
    drwx------ 2 runner docker 4096 Feb 23 21:58 .
    drwx--x--x 8 runner docker 4096 Feb 23 21:58 ..
    -rw-r--r-- 1 runner docker  113 Feb 23 21:58 authorized_keys
    -rw-r--r-- 1 runner docker   89 Feb 23 21:58 config
    -rw-r--r-- 1 runner docker  222 Feb 23 21:58 known_hosts
    -rw------- 1 runner docker  411 Feb 23 21:58 whatever
    -rw-r--r-- 1 runner docker   96 Feb 23 21:58 whatever.pub
    uid=1001(runner) gid=115(docker) groups=115(docker)
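
The check behind the chmod fix, as an added example that is not part of the original answers: with StrictModes enabled (the sshd default), the server refuses authorized_keys when the file, or a directory above it up to the home directory, is group- or world-writable or has the wrong owner. The script approximates that walk with a hypothetical helper, `strictmodes_check` (GNU `stat` assumed, as on ubuntu-latest), and replays the runner's `drwxrwxrwx` home directory in a constructed temporary tree.

```shell
#!/bin/sh
# Added example (not from the thread): approximate the path check sshd applies
# to authorized_keys under StrictModes. Assumes GNU stat (as on ubuntu-latest).
# Usage: strictmodes_check HOME_DIR KEY_FILE  -> returns 0 if OK, 1 otherwise.
strictmodes_check() {
    home=$1; path=$2; me=$(id -u); bad=0
    while :; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"; return 1
        fi
        mode=$(stat -c '%a' "$path")     # octal permission bits, e.g. 777
        owner=$(stat -c '%u' "$path")    # numeric owner uid
        # 022 = write bits for group and others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode $mode (group/other writable): $path"; bad=1
        fi
        if [ "$owner" -ne "$me" ] && [ "$owner" -ne 0 ]; then
            echo "bad owner uid $owner: $path"; bad=1
        fi
        # Stop once the home directory (or /) has been checked.
        if [ "$path" = "$home" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $bad
}

# Constructed demo: rebuild the runner's layout in a temp dir; no sshd needed.
demo() {
    d=$(mktemp -d)
    mkdir -m 700 "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/authorized_keys"
    chmod 777 "$d"                       # home as in the failing run (drwxrwxrwx)
    before=0; strictmodes_check "$d" "$d/.ssh/authorized_keys" || before=$?
    chmod og-rw "$d"                     # the fix from the answer (-> drwx--x--x)
    after=0; strictmodes_check "$d" "$d/.ssh/authorized_keys" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

In a workflow step, calling `strictmodes_check "$HOME" "$HOME/.ssh/authorized_keys"` before the ssh invocation names the offending path, which the client-side "Permission denied" message does not.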