ssh连接失败,但scp在gitlab ci中工作
我正在使用gitlab secrets传递ssh私钥,以便它连接到远程服务器。For scp可以正常工作,但运行ssh不行 当gitlab管道运行并尝试执行ssh时,我甚至可以看到服务器上的ssh日志 以下是gitlab管道的输出:ssh连接失败,但scp在gitlab ci中工作,ssh,gitlab-ci,scp,Ssh,Gitlab Ci,Scp,我正在使用gitlab secrets传递ssh私钥,以便它连接到远程服务器。For scp可以正常工作,但运行ssh不行 当gitlab管道运行并尝试执行ssh时,我甚至可以看到服务器上的ssh日志 以下是gitlab管道的输出: ssh -i /root/.ssh/id_rsa -vvv root@$DEPLOYMENT_SERVER_IP "docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTR
ssh -i /root/.ssh/id_rsa -vvv root@$DEPLOYMENT_SERVER_IP "docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY};"
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "157.245.xxx.xxx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 157.245.xxx.xxx [157.245.xxx.xxx] port 22.
debug1: connect to address 157.245.xxx.xxx port 22: Connection refused
ssh: connect to host 157.245.xxx.xxx port 22: Connection refused
以下是我的gitlab管道失败:
deploy_production:
stage: deploy
image: python:3.6-alpine
before_script:
- 'which ssh-agent || ( apk update && apk add openssh-client)'
- eval "$(ssh-agent -s)"
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$DEPLOY_SERVER_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- ssh-add ~/.ssh/id_rsa
- apk add gcc musl-dev libffi-dev openssl-dev iputils
- ssh-keyscan $DEPLOYMENT_SERVER_IP >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
- scp -r ./docker-compose.yml root@${DEPLOYMENT_SERVER_IP}:~/
- scp -r ./env/production/docker-compose.yml root@${DEPLOYMENT_SERVER_IP}:~/docker-compose-prod.yml
- ssh -i /root/.ssh/id_rsa -vvv root@$DEPLOYMENT_SERVER_IP "docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY};"
environment: production
only:
- "master"
sshd验证日志:
sshd[27552]: Connection closed by 35.231.235.202 port 53870 [preauth]
sshd[27554]: Connection closed by 35.231.235.202 port 53872 [preauth]
sshd[27553]: Connection closed by 35.231.235.202 port 53874 [preauth]
sshd[27558]: Accepted publickey for root from 35.231.235.202 port 53876 ssh2: RSA SHA256:bS8IsyG4kyKcTtfrW+h4kw1JXbBSQfO6Jk6X/JKL1CU
sshd[27558]: pam_unix(sshd:session): session opened for user root by (uid=0)
systemd-logind[945]: New session 649 of user root.
sshd[27558]: Received disconnect from 35.231.235.202 port 53876:11: disconnected by user
sshd[27558]: Disconnected from user root 35.231.235.202 port 53876
sshd[27558]: pam_unix(sshd:session): session closed for user root
systemd-logind[945]: Removed session 649.
sshd[27560]: Received disconnect from 222.186.15.160 port 64316:11: [preauth]
sshd[27560]: Disconnected from authenticating user root 222.186.15.160 port 64316 [preauth]
sshd[27685]: Accepted publickey for root from 35.231.235.202 port 53878 ssh2: RSA SHA256:bS8IsyG4kyKcTtfrW+h4kw1JXbBSQfO6Jk6X/JKL1CU
sshd[27685]: pam_unix(sshd:session): session opened for user root by (uid=0)
systemd-logind[945]: New session 650 of user root.
sshd[27685]: Received disconnect ected by user
sshd[27685]: Disconnected from user root 35.231.235.202 port 53878
sshd[27685]: pam_unix(sshd:session): session closed for user root
systemd-logind[945]: Removed session 650.
终于弄明白为什么会这样。我发现问题在于服务器上ssh的ufw防火墙规则。它的速率是有限的,因为在我的gitlab管道中,我执行了2次scp,然后是ssh,这可能发生得太快了,所以服务器拒绝连接
它在gitlab管道之外工作,因为手动操作会很慢。您上述问题中最重要的信息是:
端口22:连接被拒绝
检查157.245.xxx.xxx上的日志(sshd、auth、security…)以了解原因。是的,我检查了auth日志,没有发现任何错误。已修改问题以列出身份验证日志。我看不出在sshdauth日志中有任何错误。