windows - gcloud ssh throws a potential security breach error


Please note: this is platform-specific. I tried it on

>>> print sys.platform
'darwin'

and the code had no problems. However, on

>>> print sys.platform
'win32'

I get this problem.

Also, I am able to get into the instance via WinSCP without any problems.


I am running the following gcloud ssh command:

gcloud compute ssh  my-instance --zone=us-east1-b --command="sudo -S -i -u root -p '' echo 'git -C /root/git/v_a stash;git -C /root/git/v_a pull https://user:[email protected]/user/v_a.git;git -C /root/git/gcloud stash;git -C /root/git/gcloud pull https://user:[email protected]/user/gcloud.git;git -C /root/git/bt stash;git -C /root/git/bt pull https://user:[email protected]/user/bt.git;python /root/git/v_a/d_s_e.py --r-day=1 --r-l=5;' > runner.sh "

Until recently it worked fine, but now it returns:

WARNING - POTENTIAL SECURITY BREACH!
The server's host key does not match the one PuTTY has
cached in the registry. This means that either the
server administrator has changed the host key, or you
have actually connected to another computer pretending
to be the server.
The new rsa2 key fingerprint is:
ssh-rsa blah
If you were expecting this change and trust the new key,
enter "y" to update PuTTY's cache and continue connecting.
If you want to carry on connecting but without updating
the cache, enter "n".
If you want to abandon the connection completely, press
Return to cancel. Pressing Return is the ONLY guaranteed
safe choice.
Update cached key? (y/n, Return cancels connection) stdin: is not a tty

As you can see in the command above, it does nothing but echo that into a .sh file.

If I delete the files in C:\Users\%USER%\.ssh and re-run my gcloud ssh, I get:

WARNING: The PuTTY PPK SSH key file for gcloud does not exist.
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Updating project ssh metadata...
.....................Updated [https://www.googleapis.com/compute/v1/projects/my-project].
done.
Waiting for SSH key to propagate.
WARNING - POTENTIAL SECURITY BREACH!
The server's host key does not match the one PuTTY has
cached in the registry. This means that either the
server administrator has changed the host key, or you
have actually connected to another computer pretending
to be the server.
The new rsa2 key fingerprint is:
ssh-rsa foo
If you were expecting this change and trust the new key,
enter "y" to update PuTTY's cache and continue connecting.
If you want to carry on connecting but without updating
the cache, enter "n".
If you want to abandon the connection completely, press
Return to cancel. Pressing Return is the ONLY guaranteed
safe choice.
Update cached key? (y/n, Return cancels connection) stdin: is not a tty

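Why am I getting this error message? I only started getting it recently.

How can I avoid getting this error message? Is there a flag I can pass with the gcloud ssh command to programmatically update this cached key?

Thanks!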


Edit in reply to Navi:

On my gcloud instance I have the following path:

/home/%USER%/.ssh

Locally, on my PC, I ran:

C:\>gcloud compute copy-files instance-v-a-20170826113548099000-l5-r1:/home/%USER%/.ssh C:/temp/ --zone us-east1-b

Also, locally I have the following path:

C:\Users\%USER%\.ssh

It has the following contents, per ls -l:

$ ls -l
total 97
-rw-r--r-- 1 username 197121  1679 Apr  9 20:55 _google_compute_engine
-rw-r--r-- 1 username 197121  1454 Apr  9 20:56 _google_compute_engine.ppk
-rw-r--r-- 1 username 197121   422 Apr  9 20:55 _google_compute_engine.pub
-rw-r--r-- 1 username 197121 63368 Jul  7  2016 _known_hosts
-rw-r--r-- 1 username 197121   398 Jun 27  2016 _known_hosts.txt
-rw-r--r-- 1 username 197121  1675 May 12  2015 github_rsa
-rw-r--r-- 1 username 197121   408 May 12  2015 github_rsa.pub
-rw-r--r-- 1 username 197121  1679 Aug  5 17:41 google_compute_engine
-rw-r--r-- 1 username 197121  1454 Aug  5 17:41 google_compute_engine.ppk
-rw-r--r-- 1 username 197121  1454 Aug  5 13:21 google_compute_engine.ppk_
-rw-r--r-- 1 username 197121   422 Aug  5 17:41 google_compute_engine.pub
-rw-r--r-- 1 username 197121   422 Aug  5 13:21 google_compute_engine.pub_
-rw-r--r-- 1 username 197121  1679 Aug  5 13:21 google_compute_engine_

While trying to resolve this I renamed the old files with underscores (this doesn't apply to this question, it is just for the record).

Now, in the metadata SSH keys I have the following: (screenshot)

In my C:\temp\.ssh\authorized_keys I have the following (truncated so as not to disclose my key):

# Added by Google
ssh-rsa AAAAB3NzaC CookieMunster\jasonm@CookieMunster

My local C:\Users\%USER%\.ssh\google_compute_engine.ppk has:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: CookieMunster\jasonm@CookieMunster
Public-Lines: 6
AAAAB3NzaC
Private-Lines: 14
AAABA
Private-MAC: bd4

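I have compared the full strings in Notepad++ and they are identical, except that the google_compute_engine.ppk file does not have the computer name at the end; it is in the comment instead.

So Navi, I don't think they differ.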


My systeminfo command produces:

Host Name:                 PCNAME
OS Name:                   Microsoft Windows 8.1
OS Version:                6.3.9600 N/A Build 9600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          user
Registered Organization:   
Product ID:                00258-61265-96725-AAOEM
Original Install Date:     5/31/2014, 12:56:22 PM
System Boot Time:          9/1/2017, 12:32:41 AM
System Manufacturer:       Acer
System Model:              Aspire XC-603
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 55 Stepping 3 GenuineIntel ~2408 Mhz
BIOS Version:              American Megatrends Inc. P11-A2, 1/23/2014
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume2
System Locale:             en-us;English (United States)
Input Locale:              N/A
Time Zone:                 (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory:     3,985 MB
Available Physical Memory: 734 MB
Virtual Memory: Max Size:  8,128 MB
Virtual Memory: Available: 2,523 MB
Virtual Memory: In Use:    5,605 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\PCNAME
Hotfix(s):                 117 Hotfix(s) Installed.
Network Card(s):           2 NIC(s) Installed.
                           [01]: Realtek PCIe GBE Family Controller
                                 Connection Name: Ethernet
                                 DHCP Enabled:    Yes
                                 DHCP Server:     000.000.1.1
                                 IP address(es)
                                 [01]: 000.000.0.155
                                 [02]: ffff::ffff:ffff:ffff:ffff
                           [02]: TAP-Windows Adapter V9
                                 Connection Name: Ethernet 2
                                 Status:          Media disconnected
Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                           Virtualization Enabled In Firmware: Yes
                           Second Level Address Translation: Yes
                           Data Execution Prevention Available: Yes

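Answer 1

I tried to reproduce this on MS Server 2012 R2 using the "Google Cloud SDK Shell", but did not get the warning message. The most likely cause is that the RSA fingerprint on the GCE server has changed, while the client machine still has the previous RSA fingerprint stored.

Verify that the keys in the files under the C:\Users\%USER%.ssh directory on the client machine match the GCE instance user's SSH keys in the files under the /path-to-home-directory/.ssh directory. Also, in Cloud Console > Compute Engine > Metadata, check the project-wide SSH keys under the "SSH Keys" tab for available keys to match against the keys stored under the client's C:\Users\%USER%.ssh directory.

Do you get the same message even after choosing "Y" for "Update cached key?" on the client machine?

Edit: screenshot attached.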
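The comparison this answer asks for, which the question's edit did by hand in Notepad++, can be scripted. This is an added example, not code from the original post: it assumes the PPK version 2 layout shown in the question, and the function names and the sample key (filler bytes) are constructed for illustration.

```python
import base64

def _decode(b64):
    """Decode base64 strictly; None for truncated or malformed input."""
    try:
        return base64.b64decode(b64, validate=True)
    except ValueError:
        return None

def ppk_public(ppk_text):
    """Return (algorithm, comment, base64 public blob) from .ppk file text."""
    lines = ppk_text.splitlines()
    algo = comment = None
    for i, line in enumerate(lines):
        name, _, value = line.partition(":")
        value = value.strip()
        if name.startswith("PuTTY-User-Key-File-"):
            algo = value
        elif name == "Comment":
            comment = value
        elif name == "Public-Lines":
            # The header value is the number of base64 lines that follow it.
            body = lines[i + 1:i + 1 + int(value)]
            return algo, comment, "".join(l.strip() for l in body)
    raise ValueError("no Public-Lines header in .ppk text")

def authorized_keys(text):
    """Yield (algorithm, base64 blob, comment) for each key line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        # Project metadata entries read "user:ssh-rsa ..."; drop the prefix.
        yield fields[0].rsplit(":", 1)[-1], fields[1], " ".join(fields[2:])

def ppk_is_authorized(ppk_text, authorized_text):
    """True if the .ppk public key is one of the authorized keys."""
    algo, _, blob = ppk_public(ppk_text)
    raw = _decode(blob)
    return raw is not None and any(
        a == algo and _decode(b) == raw for a, b, _ in authorized_keys(authorized_text))

# Constructed sample data (filler bytes, not a real key).
_B64 = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + bytes(range(200))).decode()
_ROWS = [_B64[i:i + 64] for i in range(0, len(_B64), 64)]
SAMPLE_PPK = "\n".join(["PuTTY-User-Key-File-2: ssh-rsa", "Encryption: none",
                        "Comment: user@PCNAME", "Public-Lines: %d" % len(_ROWS),
                        *_ROWS, "Private-Lines: 0"])
SAMPLE_AUTHORIZED = "# Added by Google\nssh-rsa %s user@PCNAME\n" % _B64
```

This compares the user key pair only; the server's host key named in the PuTTY warning is a separate key.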

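Answer 2

For some reason the public key of the server you are trying to connect to has changed and no longer matches the one you have stored, which is why gcloud has a problem.

The easiest way to fix this is to do this once: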

gcloud compute ssh [YOUR INSTANCE NAME] --force-key-file-overwrite

From the documentation:

--force-key-file-overwrite

If enabled, the gcloud command-line tool will regenerate and overwrite the files associated with a broken SSH key without asking for confirmation in both interactive and non-interactive environments.
If disabled, the files associated with a broken SSH key will not be regenerated and will fail in both interactive and non-interactive environments.

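This should overwrite the public key you have stored for that server. After that, you will not get any error when you connect, at least until the server's SSH key changes again.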
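Both answers trace the warning to a changed server host key, so before answering "y" it is worth checking that the fingerprint in the warning belongs to the real instance. An added example (not from the original answers) that compares the fingerprint line from the warning with a host public key obtained over a separate trusted channel; the layout of the fingerprint line is an assumption, and the sample keys are constructed filler bytes.

```python
import base64
import hashlib

def fingerprints(pubkey_line):
    """Return MD5 and SHA-256 fingerprints of an OpenSSH public key line."""
    algo, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the algorithm name.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != algo.encode():
        raise ValueError("algorithm field does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def warning_matches(shown, trusted_line):
    """True if the fingerprint printed in the warning is that of trusted_line.

    `shown` is the line under "The new rsa2 key fingerprint is:". Assumed
    layout: "<algo> <bits> <fingerprint>", with the fingerprint either
    colon-separated MD5 hex or "SHA256:<base64>".
    """
    parts = shown.split()
    if len(parts) < 2 or parts[0] != trusted_line.split()[0]:
        return False
    fps = fingerprints(trusted_line)
    if parts[-1].startswith("SHA256:"):
        return parts[-1] == fps["sha256"]
    return parts[-1].lower() == fps["md5"]

def sample_key_line(filler):
    """Constructed sample: an ssh-rsa-shaped blob of filler bytes, not a real key."""
    blob = b"\x00\x00\x00\x07ssh-rsa" + filler * 64
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-host-key"

# TRUSTED stands in for the instance's own host public key line, for
# instance the content of /etc/ssh/ssh_host_rsa_key.pub read out of band.
TRUSTED = sample_key_line(b"\x01\x02\x03\x04")
PRESENTED_OK = "ssh-rsa 2048 " + fingerprints(TRUSTED)["md5"]
PRESENTED_BAD = "ssh-rsa 2048 " + fingerprints(sample_key_line(b"\x05\x06\x07\x08"))["md5"]
```

A False result from warning_matches means the key offered on the connection is not the one the instance holds, which is the case the warning tells you to cancel on.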
