看来我的 openssh 客户端(OpenSSH_4.6p1,OpenSSL 0.9.8e 2007 年 2 月 23 日)无法打开known\_hosts
或id\_rsa
文件,即使我可以通过使用“类型”命令查看它们的内容来很好地看到它们。这是作为服务运行的 Hudson 实例的“SYSTEM”用户运行的。值得注意的是,如果我将%HOME%
环境变量设置为使用另一个文件夹,例如c:\git
,一切正常。这表明存在权限问题,但“类型”命令似乎反驳了这一点。这是怎么回事,我该如何进一步诊断?
C:\hudson\jobs\blah\workspace>type C:\Windows\System32\config\systemprofile\.ssh\known_hosts
git,10.3.11.91 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA00Er2Sidyjm+wf0X4Ck/Yld85HedJTJAwlQg9KoWL1rJYyA90Zcdm6qhjsZs+9yXvpoRALeUBBYa07aRpU9PwYQodhuAoE31c3WytKXPQ7XnwL+hCnsZckdmLFgX0Vptto/PZ0uZY5KhmvHN+shRovHbg9yfe979wAG7V5HaSRs=
C:\hudson\jobs\blah\workspace>type C:\Windows\System32\config\systemprofile\.ssh\id_rsa
-----BEGIN RSA PRIVATE KEY-----
-----private key content was here-----
-----END RSA PRIVATE KEY-----
C:\hudson\jobs\blah\workspace>"c:\program files (x86)\git\bin\ssh" -T -vvv git@git ls
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to git [10.3.11.91] port 22.
debug1: Connection established.
debug1: identity file /c/Windows/System32/config/systemprofile/.ssh/identity type -1
debug1: identity file /c/Windows/System32/config/systemprofile/.ssh/id_rsa type -1
debug1: identity file /c/Windows/System32/config/systemprofile/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 489/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /c/Windows/System32/config/systemprofile/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /c/Windows/System32/config/systemprofile/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'qvtgit' is known and matches the RSA host key.
debug1: Found key in /c/Windows/System32/config/systemprofile/.ssh/known_hosts:1
debug2: bits set: 511/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /c/Windows/System32/config/systemprofile/.ssh/identity (0x0)
debug2: key: /c/Windows/System32/config/systemprofile/.ssh/id_rsa (0x0)
debug2: key: /c/Windows/System32/config/systemprofile/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Windows/System32/config/systemprofile/.ssh/identity
debug3: no such identity: /c/Windows/System32/config/systemprofile/.ssh/identity
debug1: Trying private key: /c/Windows/System32/config/systemprofile/.ssh/id_rsa
debug3: no such identity: /c/Windows/System32/config/systemprofile/.ssh/id_rsa
debug1: Trying private key: /c/Windows/System32/config/systemprofile/.ssh/id_dsa
debug3: no such identity: /c/Windows/System32/config/systemprofile/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
OpenSSH 拒绝使用除所有者之外的任何人都可以读取的私钥 - 检查唯一有权访问该文件的帐户是 SYSTEM 帐户。
(进一步检查表明这不是您的问题。)
对OpenSSH 源代码的检查表明,仅在stat(2) 函数调用失败的情况下才会打印此错误消息:参见sshconnect2.c 的第 1224 行。从 Cygwin 环境中查看 'whoami && stat /c/Windows/System32/config/systemprofile/.ssh/id_dsa' 的输出会很有趣。
或者,尝试使用Process Monitor之类的工具来查看 API 级别发生了什么——也许访问身份文件时返回的错误消息会给你一个线索。
它也可能是 Vista 中的虚拟存储机制,它在用户通常无法访问的目录上创建一个覆盖,用户可以在其中写入。
如果文件是由非管理员帐户复制到那里的,则它们可能最终进入
即,您将用户的密钥复制到指定的路径,vista 在您的用户 VirtualStore 中创建了一个包含这些文件的覆盖。但是,当作为另一个用户调用时,该用户将看不到您的用户 VirtualStore 中包含的更改。