Non-interactive SSH connection fails - error: can't open /dev/tty: No such device or address; Host key verification failed

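Below you can see the log. The connection is from a Cygwin SSH client to a Cygwin SSHD server. The connection works when started from the command line, but fails when started from Jenkins (a Java continuous integration server). The /dev/tty file exists and is readable and writable by everyone. I tried deleting it and recreating it, but I couldn't, because Cygwin recreates it before I can create a link to /dev/ttySO.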

ssh -t -vvv [email protected] 'mv -v /cygdrive/z/deploy-scripts /cygdrive/z/deploy-scripts-`date +%F_%H-%M-%S`'
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: ssh_connect: needpriv 0
debug1: Connecting to server.company.com [] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 
debug1: read_passphrase: can't open /dev/tty: No such device or address

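Answer 1

How do you expect Jenkins (a Java continuous integration server) to enter the passphrase for the ssh key?

If this is a development or staging environment and there are no security concerns, you could try temporarily removing the passphrase from the key to see whether it works better.

Edit #1

The only way I could reproduce your problem was by removing the permissions from /dev/tty, as described in the OpenSSH FAQ, but I suppose you have already checked that?

With bad permissions: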

#ls -l /dev/tty
crw-r----- 1 root root 5, 0 Aug 23 21:47 /dev/tty
$ssh -T -vv -p 2222 <username>@127.0.0.1
[...]
debug1: read_passphrase: can't open /dev/tty: Permission denied
debug1: permanently_drop_suid: xxxx
[...]

With good permissions:

#chmod 666 /dev/tty
# ls -l /dev/tty
crw-rw-rw- 1 root root 5, 0 Aug 23 21:56 /dev/tty
[ssh client works]

Answer 2

For me it was git clone, which was asking whether to trust the fingerprint. It is in a container, so to trust it blindly I set StrictHostKeyChecking

FROM node:16

COPY "id_rsa" /root/.ssh/id_rsa
COPY "id_rsa.pub" /root/.ssh/id_rsa.pub

ENV GIT_SSH_COMMAND "ssh -v -o 'PasswordAuthentication no' '-o StrictHostKeyChecking=accept-new'"
RUN git clone [email protected]:evil/project.git

Answer 3

...
debug1: Server host key: ECDSA 
debug1: read_passphrase: can't open /dev/tty: No such device or address

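I ran into this problem (10 years later) and found that the problem was not the tty or the passphrase itself. Jenkins ssh keys can handle the passphrase through the ssh-agent feature. But in any case, I disabled the passphrase while testing. That was not the problem.

The read_passphrase reference must be generic "ask a question" input code. For me, it was failing to display this dialog: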

The authenticity of host 'server.company.com (192.168.188.44)' can't be established.
RSA key fingerprint is SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? no

To programmatically accept the keys for all addresses associated with the server, you can use the following command:

ssh-keyscan -p 22 `getent ahosts server.company.com | awk '$3 { print $1 " " $3 }' | sort -u` >> ~/.ssh/known_hosts
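
An added example, not part of any answer above: appending ssh-keyscan output straight to known_hosts (Answer 3) and StrictHostKeyChecking=accept-new (Answer 2) both trust whatever key answers first, so this sketch appends a scanned key only when its SHA256 fingerprint matches one obtained out of band. The function names key_fingerprint and pin_host_keys and the sample key blobs are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Print the OpenSSH-style SHA256 fingerprint of one base64 key blob
# (third field of an ssh-keyscan / known_hosts line).
key_fingerprint() {
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
    fp=$(
        while [ -n "$hex" ]; do          # hex digest -> raw bytes -> base64
            rest=${hex#??}
            byte=${hex%"$rest"}
            printf "\\$(printf '%03o' "0x$byte")"
            hex=$rest
        done | base64 | tr -d '=\n'
    )
    printf 'SHA256:%s\n' "$fp"
}

# Append to KNOWN_HOSTS only scanned keys whose fingerprint equals PINNED.
# SCAN is a file of "host keytype base64blob" lines (ssh-keyscan output).
# Returns 0 if at least one key was accepted, 1 if nothing could be trusted.
pin_host_keys() {
    scan=$1 pinned=$2 known_hosts=$3 accepted=0
    while read -r host keytype blob extra; do
        case $host in ''|'#'*) continue ;; esac   # blank or comment line
        [ -n "$blob" ] || continue
        if [ "$(key_fingerprint "$blob")" = "$pinned" ]; then
            printf '%s %s %s\n' "$host" "$keytype" "$blob" >> "$known_hosts"
            accepted=$((accepted + 1))
        else
            echo "rejected $keytype key for $host: fingerprint mismatch" >&2
        fi
    done < "$scan"
    [ "$accepted" -gt 0 ]
}

# Constructed sample input: blobs are placeholder bytes, not real host keys.
# On a real agent the file would come from: ssh-keyscan -p 22 HOST > scan
demo=$(mktemp -d)
good=$(printf 'constructed-sample-key-A' | base64)
other=$(printf 'constructed-sample-key-B' | base64)
printf '%s\n' "# server.company.com:22 SSH-2.0-OpenSSH_5.9" \
    "server.company.com ssh-ed25519 $good" \
    "server.company.com ssh-ed25519 $other" > "$demo/scan"
pinned_fp=$(key_fingerprint "$good")   # real use: fingerprint from the server admin
pin_host_keys "$demo/scan" "$pinned_fp" "$demo/known_hosts"
cat "$demo/known_hosts"
```

On the Jenkins agent, the ssh call that follows can then use -o BatchMode=yes -o StrictHostKeyChecking=yes, so an unknown or changed host key fails the build instead of trying to prompt on a missing /dev/tty.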
