我可以使用 SERVER1 和 SERVER2 的密钥身份验证通过 SSH 登录。但是,我无法在两台服务器之间复制文件。为什么?我怎样才能在它们之间复制?(我要复制的数据比我的笔记本硬盘大)
我的笔记本运行 Ubuntu 10.04 LTS,两台服务器是 AIX 5300-10-02-0943。我~/.ssh/known_hosts在我的笔记本文件包含了这两个服务器的公钥。我使用tsocks是因为我必须使用 SSH 隧道才能到达这两个服务器。两台服务器可以互相ping通。
[USER@NOTEBOOK ~] tsocks scp -v -i /home/USER/.ssh/id_rsa -p -r root@SERVER1:/PATH/TO/DIR root@SERVER2:/PATH/TO/DIR
Executing: /usr/bin/ssh '-v' '-x' '-oClearAllForwardings yes' '-n' '-l' 'root' 'SERVER1' 'scp -v -r -p' '/PATH/TO/DIR' 'root@SERVER2:/PATH/TO/DIR'
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to SERVER1 [SERVER1] port 22.
debug1: Connection established.
debug1: identity file /home/USER/.ssh/identity type -1
debug1: identity file /home/USER/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024
debug1: identity file /home/USER/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2p1+sas
debug1: match: OpenSSH_5.2p1+sas pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'SERVER1' is known and matches the RSA host key.
debug1: Found key in /home/USER/.ssh/known_hosts:59
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/USER/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 151
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.utf8
debug1: Sending command: scp -v -r -p /PATH/TO/DIR root@SERVER2:/PATH/TO/DIR
Executing: program /applications/ssh/5.20.15.0/bin/ssh host SERVER2, user root, command scp -v -r -p -t /PATH/TO/DIR
OpenSSH_5.2p1+sas, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to SERVER2 [SERVER2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2p1+sas
debug1: match: OpenSSH_5.2p1+sas pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
lost connection
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 1984, received 3848 bytes, in 0.3 seconds
Bytes per second: sent 6903.4, received 13389.2
debug1: Exit status 1
[USER@NOTEBOOK ~] tsocks scp -i /home/USER/.ssh/id_rsa -p -r root@SERVER1:/PATH/TO/DIR root@SERVER2:/PATH/TO/DIR
Host key verification failed.
lost connection
[USER@NOTEBOOK ~]
小智 11
这很容易修复。看,源服务器不知道目标服务器,它不能要求您确认身份,因为您没有在那里打开终端:
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
lost connection
因此,只需登录源帐户/服务器并尝试 ssh(或 scp)到 dest 帐户,接受主机密钥并取消登录/scp。你应该可以复制。
local $ ssh source@src-server
src-server $ ssh dest@dst-server
The authenticity of host 'destination (10.0.0.x)' can't be established.
RSA key fingerprint is 71:ec:c0:86:7f:b6:51:eb:76:c8:1f:2f:ba:0a:f4:20.
Are you sure you want to continue connecting (yes/no)? yes
dest@dst-server's password: ^C
src-server $ exit
local $ scp -r source@src-server:/path/to/files dest@dst-server:/path/to/files
如果没有,请尝试:
local $ scp -r -o "ForwardAgent=yes" source@src-server:/path/to/files dest@dst-server:/path/to/files
如果您有可以访问目标服务器的 SSH 密钥而源服务器没有,则添加-o "ForwardAgent=yes"将允许您将 SSH 代理转发到源服务器,以便它可以使用您的 SSH 密钥连接到目标服务器。
一点诊断:从此
debug1: Sending command: scp -v -r -p /PATH/TO/DIR root@SERVER2:/PATH/TO/DIR
[...]
debug1: read_passphrase: can't open /dev/tty: No such device or address
我怀疑(猜测)它是这样工作的,服务器到服务器的副本scp登录SERVER1并执行scp将文件发送到的命令SERVER2;因此调用者(来自SERVER1)必须对自己进行身份验证。现在这失败了,因为它是非交互式的(没有/dev/tty)并且无法要求密码。
这意味着将密钥复制到SERVER1(我不知道这在您的情况下是否可行)可能会解决问题(我认为......)(如果没有密码......这很糟糕)
编辑解决方案可能如下,用于sshfs访问您要发送的文件,通过scp从sshfs-mounted 目录发送它们。这应该为您提供所需的交互性(如果上面的猜测是正确的)并将所有键保持在本地。
| 归档时间: |
|
| 查看次数: |
57176 次 |
| 最近记录: |