openstack: unable to ssh from neutron-gateway/0 to the instance - error "Permission denied (publickey)"


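I performed the cluster node installation using this guide, [OpenStack Charms Deployment Guide](https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-maas.html), where the network type is a flat network and the components used are:

  • MAAS
  • Juju
  • OpenStack

My lab has the following network plan: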

                         +-------------+
                              Firewall
                            10.20.81.254
                          +-------------+
                                 | 
+-------------------------------------------------------------+
                              Switch 
      vlan81              vlan81                  vlan81
+-------------------------------------------------------------+
        |                   |                   || || || ||
+--------------+     +------------+        +------------------+
|Maas+Juju           |Juju Gui|            |Openstack
|10.20.81.1          |10.20.81.2           |10.20.81.3-6
+--------------+     +-------------+       +------------------+
                                                     |
                                +--------------------------------------------+
                                 Private Subnet             Floating Subnet
                                 10.1.0.0/24                10.20.81.220-230/24
                                 +---+----+--+              +----+------+
                                 |    |        +----+            |
                                 |    |        |    |            |
                                 |    +--------+ VR +-------------+
                                 |             |    |
                                 +--+-+        +----+
                                 |    |
                                 | VM |
                                 | .13|
                                 |    |

I cannot connect to the instance using SSH; this is the error:

ubuntu@10.1.0.13: Permission denied (publickey).

Ping works:

ubuntu@os-compute02:~$ sudo sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 10.1.0.13
PING 10.1.0.13 (10.1.0.13) 56(84) bytes of data.
64 bytes from 10.1.0.13: icmp_seq=1 ttl=64 time=1.47 ms 

I did this:

$: juju ssh neutron-gateway/0

Then

ubuntu@os-compute02:~$ sudo ip netns
qrouter-e933429f-6816-47b3-9e50-581d78243935 (id: 4)
qdhcp-65727477-9d15-4f79-8bc9-078b59eb6faa (id: 3)

I created an SSH key pair on the node with the following command:

ubuntu@os-compute02: ssh-keygen -t rsa

Next, I tried to allow the SSH connection:

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/id_rsa.pub ubuntu@10.1.0.13 -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.1.0.13 [10.1.0.13] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4
debug1: match: OpenSSH_7.6p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.1.0.13:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:E+2ZKulh+LewPnIPh7/OUTMcQ/FYNcUN4RuGMBCDtnA
debug1: Host '10.1.0.13' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM /home/ubuntu/.ssh/id_rsa.pub
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Load key "/home/ubuntu/.ssh/id_rsa.pub": invalid format
debug1: No more authentication methods to try.
ubuntu@10.1.0.13: Permission denied (publickey).

The first error:

Load key "/home/ubuntu/.ssh/id_rsa.pub": invalid format

The "Instance Console Log" in OpenStack reports:

Starting Set console scheme...
[  OK  ] Started Terminate Plymouth Boot Screen.
[  OK  ] Started Set console scheme.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started LSB: automatic crash report generation.
[  OK  ] Started System Logging Service.
[  OK  ] Started Pollinate to seed the pseudo random number generator.
         Starting OpenBSD Secure Shell server...
[  OK  ] Started OpenBSD Secure Shell server.

Ubuntu 18.04.1 LTS ubuntu ttyS0

ubuntu login: [   95.684752] cloud-init[1089]: Cloud-init v. 18.3-9-g2e62cb8a-0ubuntu1~18.04.2 running 'modules:config' at Wed, 03 Apr 2019 10:13:41 +0000. Up 94.75 seconds.
ci-info: no authorized ssh keys fingerprints found for user ubuntu.
<14>Apr  3 10:13:43 ec2: 
<14>Apr  3 10:13:43 ec2: #############################################################
<14>Apr  3 10:13:43 ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<14>Apr  3 10:13:43 ec2: 1024 SHA256:pOhpmetFuYOOTAkAR2eXy27gJAGq1g1uO9lIcRwrjCk root@ubuntu (DSA)
<14>Apr  3 10:13:43 ec2: 256 SHA256:nafzb325Ll5FKz4DOA4zmadhnNbhQKEFTIlXiXikG+Y root@ubuntu (ECDSA)
<14>Apr  3 10:13:43 ec2: 256 SHA256:zUlvRYdty80h+m5tIXEM3g59Vs8a0JGMZOIuCYG7NQs root@ubuntu (ED25519)
<14>Apr  3 10:13:43 ec2: 2048 SHA256:rK9e8f76d+ELlmU0LbUpeBL+VsC5JGkNCCpCbDPgJqE root@ubuntu (RSA)
<14>Apr  3 10:13:43 ec2: -----END SSH HOST KEY FINGERPRINTS-----
<14>Apr  3 10:13:43 ec2: #############################################################
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNwKCVHrHIYxDCZ4KKRORJC1rhmVxanX5IZEdVvXlk0bdWUEpAZeRRLSnJDK3GD/xD7t/xVgMpTCWCmP60mjWU4= root@ubuntu
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvRjPqF6PCl0h/El4q+e7jmUEmxxZnZ9I94Eca+NW+Q root@ubuntu
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+0Jg/RwOuNRdj1lPIyVh8wHuZWeOk8r/INqNflyPq3DCaS5eEiSa3gfwf/2MagGxKsXmTScRDXvPulS0o+TsLaJnyd7FtDG/Wp163SpLQUl027iECoTQjb/oORJgqk0Lpsyk/D/5y93wqYsotPNEl7vP7ldkaSvl5RPcWe1U0Dqx1z4OfVM2NO5WBEEStaJ54OVfpJxiBreG6qS/kcXB9NsbIz63ObTlaSmn7BhLdnrrCXMFt+5WtKnqIjQKNb553d7dUHSbfflACva4G4BWNgPuDy5XXLxO+rLNtjT2uO3+hL9jZaMtfwWzO8Yb7bbu8xehdAZcv+r5uQf8ocxD9 root@ubuntu
-----END SSH HOST KEY KEYS-----
[   96.584607] cloud-init[1138]: Cloud-init v. 18.3-9-g2e62cb8a-0ubuntu1~18.04.2 running 'modules:final' at Wed, 03 Apr 2019 10:13:42 +0000. Up 96.31 seconds.
[   96.585321] cloud-init[1138]: ci-info: no authorized ssh keys fingerprints found for user ubuntu.
[   96.585658] cloud-init[1138]: Cloud-init v. 18.3-9-g2e62cb8a-0ubuntu1~18.04.2 finished at Wed, 03 Apr 2019 10:13:43 +0000. Datasource DataSourceNone.  Up 96.57 seconds
[   96.586004] cloud-init[1138]: 2019-04-03 10:13:43,102 - cc_final_message.py[WARNING]: Used fallback datasource

Verbose mode showed me:

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/id_rsa.pub ubuntu@10.1.0.13 -vvv
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.1.0.13" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.1.0.13 [10.1.0.13] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4
debug1: match: OpenSSH_7.6p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.1.0.13:22 as 'ubuntu'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from 10.1.0.13
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:E+2ZKulh+LewPnIPh7/OUTMcQ/FYNcUN4RuGMBCDtnA
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from 10.1.0.13
debug1: Host '10.1.0.13' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/ubuntu/.ssh/id_rsa.pub (0x559368ea5930), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM /home/ubuntu/.ssh/id_rsa.pub
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM
debug3: sign_and_send_pubkey: RSA SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM
Load key "/home/ubuntu/.ssh/id_rsa.pub": invalid format
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
ubuntu@10.1.0.13: Permission denied (publickey).

Then

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 tail -f /var/log/auth.log
Apr  3 10:39:56 os-compute02 sudo:   ubuntu : TTY=pts/5 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/sbin/ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i .ssh/id_rsa.pub ubuntu@10.1.0.13 -v
Apr  3 10:39:56 os-compute02 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
Apr  3 10:39:56 os-compute02 sudo: pam_unix(sudo:session): session closed for user root
Apr  3 10:40:01 os-compute02 CRON[8944]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  3 10:40:01 os-compute02 CRON[8944]: pam_unix(cron:session): session closed for user root

Then

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 journalctl -u ssh.service -f
-- Logs begin at Tue 2019-04-02 21:01:11 UTC. --
Apr 03 07:25:53 os-compute02 sshd[25670]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 03 07:51:03 os-compute02 sshd[27126]: Connection closed by 10.20.81.1 port 47780 [preauth]
Apr 03 07:51:03 os-compute02 sshd[27128]: Accepted publickey for ubuntu from 10.20.81.1 port 47782 ssh2: RSA SHA256:7ErDKB9+6yxjZtNMbAuPqIBhrrxAU1Ik6RXYda6uYkU
Apr 03 07:51:03 os-compute02 sshd[27128]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 03 08:48:14 os-compute02 sshd[10971]: Connection closed by 10.20.81.1 port 48266 [preauth]
Apr 03 08:48:14 os-compute02 sshd[10973]: Accepted publickey for ubuntu from 10.20.81.1 port 48268 ssh2: RSA SHA256:7ErDKB9+6yxjZtNMbAuPqIBhrrxAU1Ik6RXYda6uYkU
Apr 03 08:48:14 os-compute02 sshd[10973]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 03 10:26:49 os-compute02 sshd[20182]: Connection closed by 10.20.81.1 port 49104 [preauth]
Apr 03 10:26:49 os-compute02 sshd[20191]: Accepted publickey for ubuntu from 10.20.81.1 port 49106 ssh2: RSA SHA256:7ErDKB9+6yxjZtNMbAuPqIBhrrxAU1Ik6RXYda6uYkU
Apr 03 10:26:49 os-compute02 sshd[20191]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)

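Answer 1

I have solved it. Instead of importing a key, I directly created a new key pair in OpenStack, saved it on my desktop, and copied it under the same name into the .ssh/ directory on neutron-gateway/0.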

$: juju ssh neutron-gateway/0
ubuntu@os-compute03: nano .ssh/u1804Key.pem

Copy the key and change the permissions

ubuntu@os-compute03: chmod 600 .ssh/u1804Key.pem

Then

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/u1804Key.pem ubuntu@10.1.0.13
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Apr  3 21:19:12 UTC 2019

  System load:  0.0               Processes:           90
  Usage of /:   1.2% of 77.36GB   Users logged in:     0
  Memory usage: 12%               IP address for ens2: 10.1.0.13
  Swap usage:   0%


  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings


Last login: Wed Apr  3 20:51:52 2019 from 10.1.0.1
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@u1804ins:~$ 
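
An added example, not part of the original question or answer: shell functions that check, before a login attempt, for the two conditions visible in the logs above, a public-key file passed to `ssh -i` (the `Load key ... invalid format` line) and a console log in which cloud-init reports no authorized key for the user. The function names and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the failure shown on this page.
# Usage (after sourcing this file): check_identity ~/.ssh/id_rsa.pub

# Print what kind of file was passed to `ssh -i`:
# private | public | missing | unknown
classify_identity() {
    [ -r "$1" ] || { echo missing; return; }
    first=$(head -n 1 "$1")
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ssh-dss\ *|ecdsa-sha2-*\ *) echo public ;;
        *) echo unknown ;;
    esac
}

# Return 0 only for a private key that group/other cannot access.
# Return 1 for a wrong kind of file, 2 for permissions that are too open.
check_identity() {
    kind=$(classify_identity "$1")
    case "$kind" in
        public)
            echo "$1 is a PUBLIC key; pass the private key to -i (${1%.pub})"
            return 1 ;;
        private) ;;
        *)  echo "$1: $kind, not a usable identity file"
            return 1 ;;
    esac
    # Characters 5-10 of the mode string are the group and other bits.
    go_bits=$(ls -ldL "$1" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "$1 is accessible by group/other; run: chmod 600 $1"
        return 2
    fi
    echo "$1 looks usable"
}

# Scan a saved instance console log: did cloud-init install an authorized key?
# Prints: no-key-injected | key-injected-or-unknown
console_key_status() {
    if grep -q 'no authorized ssh keys fingerprints found' "$1"; then
        echo no-key-injected
    else
        echo key-injected-or-unknown
    fi
}
```

Against the files on this page, `check_identity ~/.ssh/id_rsa.pub` reports a public key and returns 1, while the `.pem` key pair file after `chmod 600` returns 0.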
