我有如下案例:
ssh -J${some-jump-host} -i some-key.pem opc@${some-ip}
它不要求输入密钥密码,some-key.pem
而直接失败,因为未经身份验证。
但是,如果我这样做:
ssh-add -K some-key.pem
ssh -J${some-jump-host} opc@${some-ip}
这会在添加密钥时询问密码,然后它就可以工作了。
我有
$ cat ~/.ssh/config
Include ~/ssh_config
Host *
UseKeychain yes
StrictHostKeyChecking no
User my-username
IdentityFile path-to-an-irrelevant-key
IdentityFile path-to-some-other-irrelevant-key
ServerAliveInterval 60
ServerAliveCountMax 10
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
ForwardAgent yes
ForwardX11 yes
我们~/ssh_config
只定义了一些主机和代理跳转,以及这些:
Host *
User my-username
PKCS11Provider /Library/OpenSC/lib/opensc-pkcs11.so
ForwardAgent yes
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
所以我的问题是,为什么 ssh 在传递密钥时似乎忽略了它-i
?
笔记:-vvv
这是与以下情况 相关的输出:-i
debug1: Will attempt key: some-key.pem explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
Authorized uses only. All activity may be monitored and reported.
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey