Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/ssh/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
ssh连接失败,但scp在gitlab ci中工作_Ssh_Gitlab Ci_Scp - Fatal编程技术网
Fatal编程技术网
  • ssh/
  • ssh连接失败,但scp在gitlab ci中工作

ssh连接失败,但scp在gitlab ci中工作

ssh

ssh连接失败,但scp在gitlab ci中工作,ssh,gitlab-ci,scp,Ssh,Gitlab Ci,Scp,我正在使用gitlab secrets传递ssh私钥,以便它连接到远程服务器。For scp可以正常工作,但运行ssh不行 当gitlab管道运行并尝试执行ssh时,我甚至可以看到服务器上的ssh日志 以下是gitlab管道的输出: ssh -i /root/.ssh/id_rsa -vvv root@$DEPLOYMENT_SERVER_IP "docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTR

我正在使用gitlab secrets传递ssh私钥,以便它连接到远程服务器。For scp可以正常工作,但运行ssh不行

当gitlab管道运行并尝试执行ssh时,我甚至可以看到服务器上的ssh日志

以下是gitlab管道的输出:

ssh -i /root/.ssh/id_rsa -vvv root@$DEPLOYMENT_SERVER_IP "docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY};"
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "157.245.xxx.xxx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 157.245.xxx.xxx [157.245.xxx.xxx] port 22.
debug1: connect to address 157.245.xxx.xxx port 22: Connection refused
ssh: connect to host 157.245.xxx.xxx port 22: Connection refused
以下是我的gitlab管道失败:

deploy_production:                                                                                             
  stage: deploy                                                                                                
  image: python:3.6-alpine                                                                                          
  before_script:                                                                                               
    - 'which ssh-agent || ( apk update && apk add openssh-client)'              
    - eval "$(ssh-agent -s)"                                                                                   
    - mkdir -p ~/.ssh                                                                                          
    - chmod 700 ~/.ssh                                                                                         
    - echo "$DEPLOY_SERVER_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa            
    - chmod 600 ~/.ssh/id_rsa                                                                                  
    - ssh-add ~/.ssh/id_rsa                                                                                    
    - apk add gcc musl-dev libffi-dev openssl-dev iputils                       
    - ssh-keyscan $DEPLOYMENT_SERVER_IP >> ~/.ssh/known_hosts                   
    - chmod 644 ~/.ssh/known_hosts                                                                             
  script:                                                                                                      
    - scp -r ./docker-compose.yml root@${DEPLOYMENT_SERVER_IP}:~/               
    - scp -r ./env/production/docker-compose.yml root@${DEPLOYMENT_SERVER_IP}:~/docker-compose-prod.yml
    - ssh -i /root/.ssh/id_rsa -vvv root@$DEPLOYMENT_SERVER_IP "docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY};"
  environment: production                                                                                      
  only:                                                                                                        
    - "master"
sshd验证日志:

sshd[27552]: Connection closed by 35.231.235.202 port 53870 [preauth]           
sshd[27554]: Connection closed by 35.231.235.202 port 53872 [preauth]           
sshd[27553]: Connection closed by 35.231.235.202 port 53874 [preauth]           
sshd[27558]: Accepted publickey for root from 35.231.235.202 port 53876 ssh2: RSA SHA256:bS8IsyG4kyKcTtfrW+h4kw1JXbBSQfO6Jk6X/JKL1CU
sshd[27558]: pam_unix(sshd:session): session opened for user root by (uid=0)    
systemd-logind[945]: New session 649 of user root.                              
sshd[27558]: Received disconnect from 35.231.235.202 port 53876:11: disconnected by user
sshd[27558]: Disconnected from user root 35.231.235.202 port 53876              
sshd[27558]: pam_unix(sshd:session): session closed for user root               
systemd-logind[945]: Removed session 649.                                       
sshd[27560]: Received disconnect from 222.186.15.160 port 64316:11:  [preauth]  
sshd[27560]: Disconnected from authenticating user root 222.186.15.160 port 64316 [preauth]
sshd[27685]: Accepted publickey for root from 35.231.235.202 port 53878 ssh2: RSA SHA256:bS8IsyG4kyKcTtfrW+h4kw1JXbBSQfO6Jk6X/JKL1CU
sshd[27685]: pam_unix(sshd:session): session opened for user root by (uid=0)    
systemd-logind[945]: New session 650 of user root.                              
sshd[27685]: Received disconnect ected by user                                  
sshd[27685]: Disconnected from user root 35.231.235.202 port 53878              
sshd[27685]: pam_unix(sshd:session): session closed for user root               
systemd-logind[945]: Removed session 650.
终于弄明白为什么会这样。我发现问题在于服务器上ssh的ufw防火墙规则。它的速率是有限的,因为在我的gitlab管道中,我执行了2次scp,然后是ssh,这可能发生得太快了,所以服务器拒绝连接

它在gitlab管道之外工作,因为手动操作会很慢。

您上述问题中最重要的信息是:
端口22:连接被拒绝
检查157.245.xxx.xxx上的日志(sshd、auth、security…)以了解原因。是的,我检查了auth日志,没有发现任何错误。已修改问题以列出身份验证日志。我看不出在sshdauth日志中有任何错误。