我目前正在设置我的持续部署 (CD) 管道,并首先让它VM-1
在我的服务器上的 VM ( ) 上运行。一切都很好。现在我想在VM-2
同一服务器上的另一个虚拟机()上使用它。我已手动将 SSH 公钥和私钥从服务器 ( VM-1
) 复制到服务器 ( VM-2
)。我认为为 ( ) 生成一个新密钥会更好,VM-2
但我打算VM-1
随后删除 ( ) 。VM-2
然而,在我这样做之后,我最初想将存储库克隆到 ( )。但不幸的是我收到此错误消息:
[email protected]: Permission denied (publickey)
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
输出:la -la ~/.ssh
drwx------ 2 ssh123 root 4096 Mär 29 16:27 .
drwxr-xr-x 20 ssh123 root 4096 Mär 29 16:27 ..
-rwx------ 1 ssh123 root 628 Mär 29 11:10 authorized_keys2
-rwx------ 1 ssh123 w014b01d 419 Mär 29 16:27 id_server_ed25519
-rwx------ 1 ssh123 w014b01d 105 Mär 29 16:26 id_server_ed25519.pub
-rw-r--r-- 1 ssh123 w014b01d 666 Mär 29 16:29 known_hosts
输出: ssh -vvv T [电子邮件受保护]
OpenSSH_8.2p1 Ubuntu-4ubuntu0.11, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "github.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to github.com [1.1.1.4] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: identity file /.ssh/id_ecdsa_sk type -1
debug1: identity file /.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /.ssh/id_ed25519 type -1
debug1: identity file /.ssh/id_ed25519-cert type -1
debug1: identity file /.ssh/id_ed25519_sk type -1
debug1: identity file /.ssh/id_ed25519_sk-cert type -1
debug1: identity file /.ssh/id_xmss type -1
debug1: identity file /.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
debug1: Remote protocol version 2.0, remote software version babeld-05989c77
debug1: no match: babeld-05989c77
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to github.com:22 as 'git'
debug3: hostkeys_foreach: reading file "/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from github.com
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,[email protected]
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
debug2: MACs stoc: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:p2xxxx98/Rxxxx3/Lxxxx
debug3: hostkeys_foreach: reading file "/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from github.com
debug3: hostkeys_foreach: reading file "/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 140.82.121.4
debug1: Host 'github.com' is known and matches the ECDSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug3: send packet: type 21
debug1: resetting send seqnr 3
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /.ssh/id_rsa
debug1: Will attempt key: /.ssh/id_dsa
debug1: Will attempt key: /.ssh/id_ecdsa
debug1: Will attempt key: /.ssh/id_ecdsa_sk
debug1: Will attempt key: /.ssh/id_ed25519
debug1: Will attempt key: /.ssh/id_ed25519_sk
debug1: Will attempt key: /.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug3: no such identity: /.ssh/id_rsa: No such file or directory
debug1: Trying private key: /.ssh/id_dsa
debug3: no such identity: /.ssh/id_dsa: No such file or directory
debug1: Trying private key: /.ssh/id_ecdsa
debug3: no such identity: /.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /.ssh/id_ecdsa_sk
debug3: no such identity: /.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /.ssh/id_ed25519
debug3: no such identity: /.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /.ssh/id_ed25519_sk
debug3: no such identity: /.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /.ssh/id_xmss
debug3: no such identity: /.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
更改默认键名
ssh
默认情况下,ssh 客户端和服务器会查找格式为 <加密类型> 的私钥
id_
。例如id_ed25519
,id_rsa
等等。这从问题中发布的调试日志中也可以明显看出。您的私钥名为id_server_ed25519
. ssh 客户端无法找到该密钥,因为它正在寻找名为id_ed25519
.尝试这个命令:
如果需要,将私钥文件的路径替换为正确的路径。
如果这有效,你有三个选择。
1.使用默认的键名
这种方法是最简单的解决方案。因为您可以将默认公钥上传到您想要使用 ssh 登录的任何远程计算机,它就会起作用。这样,您将只有一个私钥-公钥对用于所有远程 ssh 访问,而不是针对不同的计算机使用不同的密钥对。
更改公钥和私钥的名称:
2.更改个人配置
当本地计算机有多个用户并且您不想对每个人进行更改时,此方法效果最佳。或者如果您想为不同的 ssh 服务器创建不同的公私密钥对。
在 VM-2 的个人 ssh 客户端配置中添加几行,网址为
~/.ssh/config
. 使用以下命令编辑文件:添加文本:
请注意,此配置仅适用于 github 上的 ssh 服务器。此配置将允许您使用
ssh github
.上面的最后一行
IdentitiesOnly yes
确保 ssh 客户端仅检查此特定密钥文件id_server_ed25519
. 默认情况下,它将查找并尝试使用id_server_ed25519
和id_ed25519
。如果您的计算机上有这两个文件(例如id_server_ed25519
github 和id_ed25519
所有其他 ssh 服务器),这可能会导致问题。请记住,上述配置仅适用于 github。如果您想使用相同的密钥对访问另一台服务器,您必须将类似的文本添加到您的个人 ssh 客户端配置文件中。我假设你对 VM-1 做了类似的事情
更改全局配置
全局 ssh客户端配置文件是
/etc/ssh/ssh_config
. 编辑文件:查找以下几行:
使最后一行看起来像:
此更改将影响所有用户以及您使用此计算机上基于密钥的身份验证建立的所有 ssh 连接。
希望这可以帮助