基于 SSH 密钥的身份验证间歇性工作

我们有一个运行 jenkins 的开发服务器，其中有各种作业，运行通过 SSH（使用基于密钥的身份验证）连接到我们的实时服务器的 shell 脚本。

这似乎不太可靠。

如果我通过以“jenkins”用户身份登录到开发服务器，然后通过 SSH 连接到实时服务器来自行测试 SSH 连接，则身份验证将有效并且无需输入密码即可登录。

如果我手动运行其中一个詹金斯作业，它大多数时候都会有效（虽然今天早上有一个作业失败了，促使我写了这张票）但如果我自动执行该作业以在夜间运行，它大多数时候都会失败（我认为它曾经成功过一次）。

每次失败的点都在 SSH 连接上：

> ssh -T nepton@xxx
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey,password).

任何帮助都将不胜感激，因为我完全陷入困境，而且 Linux 绝对不是我的专业领域。

附加信息：

• 我在 Dev 上生成了公钥（以“jenkins”用户身份登录），使用方法如下： ssh-keygen -t rsa
• 我使用以下命令将密钥复制到实时服务器：ssh-copy-id -i ~/.ssh/id_rsa.pub nepton@xxx

Dev 上的 /var/lib/jenkins/.ssh/ 的权限是：

drwx------  2 jenkins jenkins 4096 Apr  4 13:31 .
drwxr-xr-x 13 jenkins jenkins 4096 Apr  4 13:38 ..
-rw-------  1 jenkins jenkins 1679 Apr  4 13:31 id_rsa
-rw-r--r--  1 jenkins jenkins  400 Apr  4 13:31 id_rsa.pub
-rw-r--r--  1 jenkins jenkins 1338 Apr  4 13:33 known_hosts

Live 服务器上 /home/nepton/.ssh/ 的权限为：

drwx------ 2 nepton nepton 4096 Mar 20 17:37 .
drwx------ 4 nepton nepton 4096 Apr  2 10:52 ..
-rw------- 1 nepton nepton 2005 Apr  8 10:23 authorized_keys
-rw-r--r-- 1 nepton nepton 1106 Apr  1 10:39 known_hosts

• 我在两台服务器上运行着 Ubuntu 的最新 LTS 版本和标准 SSH 包。

调试信息

ssh -v -T -i /var/lib/jenkins/.ssh/id_rsa nepton@xxx
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xxx [xx.xxx.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xxx
debug1: Host 'xxx' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:7
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/jenkins/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
Build step 'Execute shell' marked build as failure