cercando di eseguire il comando di shell script come sudo da jenkins e ottengo l'errore di sotto, non sono sicuro di cosa lo stia causando


-2

In Jenkins chiama la sceneggiatura

ssh -vvv -o StrictHostKeyChecking=no someuser@10.180.129.187  "sudo /home/ram/bin/setup.sh" 

questo è il messaggio di debug:

+ ssh -vvv -o StrictHostKeyChecking=no root@10.180.129.187 'sudo /home/ram/bin/setup.sh'
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.190.128.193 [10.190.128.193] port 22.
debug1: Connection established.
debug1: identity file /home/ram/.ssh/identity type -1
debug1: identity file /home/ram/.ssh/identity-cert type -1
debug1: identity file /home/ram/.ssh/id_rsa type -1
debug1: identity file /home/ram/.ssh/id_rsa-cert type -1
debug1: identity file /home/ram/.ssh/id_dsa type -1
debug1: identity file /home/ram/.ssh/id_dsa-cert type -1
debug1: identity file /home/ram/.ssh/id_ecdsa type -1
debug1: identity file /home/ram/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 490/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1149
debug3: check_host_in_hostfile: host 10.190.128.193 filename /home/ram/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.190.128.193 filename /home/ram/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 5
debug1: Host '10.190.128.193' is known and matches the RSA host key.
debug1: Found key in /home/ram/.ssh/known_hosts:5
debug2: bits set: 490/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1165
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1213
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ram/.ssh/identity ((nil))
debug2: key: /home/ram/.ssh/id_rsa ((nil))
debug2: key: /home/ram/.ssh/id_dsa ((nil))
debug2: key: /home/ram/.ssh/id_ecdsa ((nil))
debug3: Wrote 64 bytes for a total of 1277
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 10.190.128.193.
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_5667' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_5667' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_5667' not found

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ram/.ssh/identity
debug3: no such identity: /home/ram/.ssh/identity
debug1: Trying private key: /home/ram/.ssh/id_rsa
debug3: no such identity: /home/ram/.ssh/id_rsa
debug1: Trying private key: /home/ram/.ssh/id_dsa
debug3: no such identity: /home/ram/.ssh/id_dsa
debug1: Trying private key: /home/ram/.ssh/id_ecdsa
debug3: no such identity: /home/ram/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: packet_send2: adding 64 (len 49 padlen 15 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1421
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: packet_send2: adding 64 (len 49 padlen 15 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1565
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: packet_send2: adding 64 (len 49 padlen 15 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1709
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Build step 'Execute shell' marked build as failure
Finished: FAILURE
 Help us localize this page

Cosa fa ls -l /dev/tty mostrare?
testeaxeax

crw-rw-rw- l root tty 5
user3290395

Il server a cui stai tentando di accedere è protetto da una password o da un segreto / chiave RSA o da qualcos'altro?
testeaxeax

dovrebbe essere la password ... anche se non sono sicuro
user3290395

Per favore controllalo.
testeaxeax

Risposte:


0

Spiegazione:

Non funziona perché il server richiede una password per l'autenticazione, ma ssh viene eseguito da Jenkins e quindi lo stdin di ssh è connesso a Jenkins e non al terminale e quindi non è possibile per ssh chiedere la password. È necessario configurare il server per accettare l'autenticazione basata su chiave RSA in modo che tu possa dare a ssh la chiave per essere in grado di autenticarsi senza l'interazione dell'utente.

Come utilizzare una coppia di chiavi RSA per l'autenticazione:

  1. Apri un terminale sul tuo computer locale
  2. Eseguire ssh-keygen -t rsa, per la posizione è sufficiente premere invio e per la password è sufficiente premere anche Invio.
  3. Eseguire ssh-copy-id yourremoteuser@1.2.3.4 (sostituire "yourremoteuser@1.2.3.4" con il nome utente remoto e l'indirizzo IP del server)
  4. Rispondi sicuro di voler collegare la domanda con si.
  5. Inserisci la password del tuo server.
  6. Ora puoi usare la tua chiave RSA per accedere al server.

Ho seguito tutto il passaggio e creato la chiave rsa ... Tuttavia, ottengo lo stesso errore. È qualcosa che devo aggiungere il comando per raccogliere la chiave rsa per accedere al server?
user3290395

Puoi accedere senza password eseguendo ssh yourremoteuser@1.2.3.4?
testeaxeax

No! Guardando in / var / log / secure mostra password fallita per utente dalla porta 1.2.3.4 1234 ssh2
user3290395

Hai eseguito il ssh-keygen comando con lo stesso utente utilizzato per l'esecuzione ssh yourremoteuser@1.2.3.4?
testeaxeax

Qual è l'output di ls /home/yourremoteuser/.ssh/authorized_keys sul tuo server?
testeaxeax
Utilizzando il nostro sito, riconosci di aver letto e compreso le nostre Informativa sui cookie e Informativa sulla privacy.
Licensed under cc by-sa 3.0 with attribution required.