我通过 ssh 运行远程脚本,并在触摸时出现权限错误,而如果我使用相同的密钥通过 ssh 连接,则一切正常。例如,执行脚本,运行 echo。
这是我运行的代码:
ssh -Tv [email protected] 'bash var/deploy.sh'
这是脚本的内容:
#!/bin/bash
echo "blabla"
touch bidule
ln -sfn www-26 www
这是命令的结果:
debug1: Reading configuration data /Users/local_user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 149.202.xxx.xxx [149.202.xxx.xxx] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/local_user/.ssh/id_rsa type -1
...
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5p1 Ubuntu-10ubuntu0.1
debug1: match: OpenSSH_7.5p1 Ubuntu-10ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 149.202.xxx.xxx:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:sSTBN/oPCEhmpaK2UKIU1DC1uhlGB3F0II2TDfHi5eA
debug1: Host '149.202.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /Users/local_user/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/local_user/.ssh/local_user_mac
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to 149.202.xxx.xxx ([149.202.xxx.xxx]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
debug1: Sending command: bash var/deploy.sh
blabla
touch: cannot touch 'bidule': Permission denied
ln: failed to create symbolic link 'www': Permission denied
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4144, received 2844 bytes, in 0.4 seconds
Bytes per second: sent 10803.0, received 7414.0
debug1: Exit status 1
我还尝试了 ssh 的各种选项(-ttv、-Tv、-v),但总是得到相同的答案。
请注意,如果我使用相同的密钥并简单地使用 ssh[电子邮件受保护] 然后从命令行运行 bash var/deploy.sh ,它工作正常。
另请注意,该目录的所有内容都是使用相同的密钥通过 sftp 上传的。
语境:
服务器操作系统:
Distributor ID: Ubuntu
Description: Ubuntu 17.10
Release: 17.10
Codename: artful
客户端(使用 ssh 命令的地方):bitbucket pipeline 实例或用于本地测试的 mac OSX。
有关信息,请参阅 var 目录的权限:
[10:39:32] iam.test.edu-sante.com@Dagobert:~/var$ ls -rtla
total 48
drwxr-xr-x 4 root root 4096 Mar 26 14:37 ..
-rw-r--r-- 1 user group 58 Mar 26 17:46 deploy.sh
drwxr-xr-x 3 user group 4096 Mar 26 17:46 www-26
...
lrwxrwxrwx 1 user group 6 Mar 27 10:13 www -> www-24
drwxr-xr-x 11 user group 4096 Mar 27 10:13 .
请注意,这里的 var 目录不是 /var 目录,而是特定于用户的 $HOME/var 目录。
为了以防万一,这是我的 sshd 配置文件:
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
用户不属于 sftp 组。
答案1
看起来您想在~/var目录中运行脚本,但目前它是在主目录中运行。
该命令bash var/deploy.sh不会切换到var目录,而是touch bidule尝试在当前目录(可能是用户的主目录)中创建文件。