SVN+SSH 时 SSH 代理转发不起作用

SVN+SSH 时 SSH 代理转发不起作用

我正在尝试在多个生产服务器上自动部署 SVN 存储库(带有 Web 应用程序),而不在服务器上安装任何私钥。

SVN 服务器托管在 srv3 上,并且应在 srv3 和 srv2 上的每次提交之后使用 SVN 提交后挂钩更新 Web 应用程序。

我正在使用这些平台/软件:

  • Windows 客户端
  • Debian 服务器
  • PuTTY + 选美
  • TortoiseSVN

当我通过 SSH 连接到 srv3 并随后通过 SSH 连接到 srv2 时,SSH 代理转发已开始工作:

Using username "adrien".
Authenticating with public key "adrien" from agent
Linux srv3 4.9.78-xxxx-std-ipv6-64 #2 SMP Wed Jan 24 10:27:15 CET 2018 x86_64

  Debian GNU/Linux 9 (stretch)

  Linux srv3.xxx 4.9.78-xxxx-std-ipv6-64 #2 SMP Wed Jan 24 10:27:15 CET 2018                                                                                                                                                              x86_64 GNU/Linux


  Server        : xxx
  IPv4          : xxx
  IPv6          : xxx
  Hostname      : srv3.xxx

Last login: Tue Sep 24 09:18:10 2019 from 80.245.26.124

adrien@srv3:~$ ssh srv2
Linux srv2 4.9.149-xxxx-std-ipv6-64 #539070 SMP Thu Jan 10 08:31:30 UTC 2019 x86_64

  Debian GNU/Linux 9 (stretch)

  Linux srv2 4.9.133-xxxx-std-ipv6-64 #413770 SMP Mon Oct 15 08:12:05 UTC 2018 x86_64 GNU/Linux


  Server        : xxx
  IPv4          : xxx
  IPv6          : xxx
  Hostname      : srv2.xxx

Last login: Tue Sep 24 06:35:09 2019 from xxx
adrien@srv2:~$

-v 标志返回(我截断了开头):

debug1: Next authentication method: publickey
debug1: Offering RSA public key: adrien
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to srv2.fr0.fr ([176.31.123.129]:7227).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

但是,当我进行 SVN 提交时(url 是 svn+ssh://srv3/var/svn/xxx ,且 srv3 是 PuTTY 别名),SSH 代理转发不起作用:
SSH 代理转发不起作用

hooks/post-commit 文件是:

#!/bin/sh

/usr/bin/ssh -A -v srv2 "svn update /var/www/xxx"

第一次尝试

我尝试覆盖 TortoiseSVN SSH 客户端(添加 -A 标志),但没有成功:
覆盖 TortoiseSVN SSH 客户端

第二次尝试

我尝试在 TortoiseSVN 配置文件中手动定义 SSH 隧道命令:

[tunnels]
# I changed the SSH server to use a custom port
ssh = C:\\Program Files\\PuTTY\\plink.exe -ssh -P xxxx -v -A
C:\test>svn commit -m "test"
Looking up host "srv3.xxx" for SSH connection
Connecting to xxx port xxx
We claim version: SSH-2.0-PuTTY_Release_0.72
Remote version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Server also has ssh-ed25519/ecdsa-sha2-nistp256 host keys, but we don't know any of them
Host key fingerprint is:
ssh-rsa 2048 20:9f:25:9a:36:6a:1d:2e:63:2b:01:82:16:53:86:d5
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "adrien".
Trying Pageant key #0
ASending Pageant's response
uthenticating with public key "adrien" from agent
Access granted
Opening main session channel
Opened main channel
Agent forwarding enabled
Started a shell/command
Sending        main.php
Transmitting file data .done
Committing transaction...
Committed revision 28717.

Warning: post-commit hook failed (exit code 255) with output:
OpenSSH_7.4p1 Debian-10+deb9u4, OpenSSL 1.0.2q  20 Nov 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Deprecated option "useroaming"
debug1: /etc/ssh/ssh_config line 60: Applying options for srv*
debug1: Connecting to srv2.xxx [xxx] port xxx.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/adrien/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u4
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to srv2.xxx:xxx as 'adrien'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:SSkilAGRvuD2YbreS/Hx249uhxOO/ql6QB1sqDZwW3o
debug1: Host '[srv3.xxx]:xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/adrien/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/adrien/.ssh/id_rsa
debug1: Trying private key: /home/adrien/.ssh/id_dsa
debug1: Trying private key: /home/adrien/.ssh/id_ecdsa
debug1: Trying private key: /home/adrien/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

2019-10-24:附加信息

我将这些命令添加到了提交后挂钩中:

echo "*** whoami" >> /tmp/log
whoami >> /tmp/log
echo "*** printenv SSH_AUTH_SOCK" >> /tmp/log
printenv SSH_AUTH_SOCK >> /tmp/log
echo "*** ls -al /tmp/ssh-*" >> /tmp/log
ls -al /tmp/ssh-* >> /tmp/log

结果是:

*** whoami
adrien
*** printenv SSH_AUTH_SOCK
*** ls -al /tmp/ssh-*
total 8
drwx------  2 adrien adrien 4096 Oct 24 07:37 .
drwxrwxrwt 12 root   root   4096 Oct 24 07:37 ..
srwxr-xr-x  1 adrien adrien    0 Oct 24 07:37 agent.31456

因此,看起来代理套接字已创建但未在 SSH_AUTH_SOCK 中定义!

2019-10-26 :第三次尝试

我用启动 ssh-agent 的指令替换了提交后钩子中的命令:

eval $(ssh-agent -s)
ssh-add

echo "*** whoami" >> /tmp/log
whoami >> /tmp/log
echo "*** printenv SSH_AUTH_SOCK" >> /tmp/log
printenv SSH_AUTH_SOCK >> /tmp/log
echo "*** ssh-add -l" >> /tmp/log
ssh-add -l >> /tmp/log

不幸的是,这不起作用...SSH_AUTH_SOCK 现在已经定义,但代理仍然没有密钥:

*** whoami
adrien
*** printenv SSH_AUTH_SOCK
/tmp/ssh-sZDW2KCwgdQ5/agent.21063
*** ssh-add -l
The agent has no identities.

ssh-添加-l在常规 SSH 会话中显示:

2048 SHA256:GQu880UuPXT89G00Xv8JDNHl0BzEkLcY9Gxt/CHxCtw adrien (RSA)

我被困在这里,不知道下一步该怎么做。
任何帮助我都会很感激!

答案1

在您的 ~/.bashrc 文件中添加以下代码
SSH_ENV="$HOME/.ssh/environment"
function start_agent {
echo "Initialising SSH agent..."
(umask 066; /usr/bin/ssh-agent > "${SSH_ENV}")
. "${SSH_ENV}" > /dev/null
/usr/bin/ssh-add ~/.ssh/<YOUR_PRIVATE_KEY>;
} # Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
. "${SSH_ENV}" > /dev/null
ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
start_agent;
}
else
start_agent;
fi

& 注销后再次运行 ssh+svn commit 并登录终端。这将在下次使用 ssh 代理进行 ssh 并确认它是否有效。

相关内容