我试图通过从没有 tty 的用户(我的 apache 服务器运行的用户)调用 ssh(使用密钥身份验证)来运行单个命令,并不断得到以下结果:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: identity file nonpublic/id_rsa type 1
debug1: identity file nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
-t 标志在调用 ssh 时设置。密钥没有密码,这应该可以抑制对任何输入的需求,但显然没有。如何防止 ssh 尝试打开 /dev/tty?
编辑:代码标签不起作用?
Edit2:完整的 ssh 命令:
ssh -i nonpublic/id_rsa -l username -p 54367 -t -v username@localhost /home/username/minecraftserver/Scripts/start 2>&1
我已经用“用户名”替换了我的用户名。
Edit3:我尝试使用与 root 相同的密钥进行 ssh-ing 并得到以下结果:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /srv/http/nonpublic/id_rsa type 1
debug1: identity file /srv/http/nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: checking without port identifier
The authenticity of host '[localhost]:54367 ([::1]:54367)' can't be established.
ECDSA key fingerprint is e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:54367' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /srv/http/nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/srv/http/nonpublic/id_rsa':
debug1: No more authentication methods to try.
Permission denied (publickey).
即使它不需要密码,它也会提示我输入密码。此外,我可以在 Windows 机器上使用 PuTTY 使用 ssh 的密钥,这很好,它不会提示我输入密码。
Edit4:我将服务器添加到了 apache 用户 known_hosts,现在我得到了这个:
OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 54367.
debug1: Connection established.
debug1: identity file nonpublic/id_rsa type 1
debug1: identity file nonpublic/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e3:c2:37:8e:8b:d4:77:63:7f:d2:ba:12:e5:e9:d1:9a
debug1: Host '[localhost]:54367' is known and matches the ECDSA host key.
debug1: Found key in /srv/http/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: nonpublic/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey).`
此外,这是 known_hosts 的内容:
[localhost]:54367 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILr7jLp5CeYfyrCroaDjkaWgDHXRrQD+G8Fz/CQOY1PcluUFTkrN447bXmC6R27LOClE+RPaveYb4MOlObpGGE=
为什么说是ecdsa?这是一个 rsa 密钥。
编辑5:解决了。问题是密钥对是由 PuTTY 生成的,它以与 OpenSSH 不兼容的格式写入私钥。cjc 在评论中提供的解决方案。
amc*_*abb 11
问题实际上似乎并不在于它正在尝试读取密码——这只是一个警告。相反,它试图进行主机密钥验证但失败了。如果您真的希望它从不询问主机密钥,请考虑将以下选项添加到 ssh 命令行:
-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null
请注意,可能存在安全隐患,因此请务必阅读ssh_config手册页中的这些选项。
编辑:鉴于您更新的错误消息,您的身份文件似乎已损坏(或者如 cjc 指出的那样,它可能格式错误)。尝试使用 ssh-keygen 手动创建一个新的,并将其添加到服务器的 authorized_keys。