我正试图让乙醇钠盐工作,并被困了几个小时。我的局域网上的CentOS 6服务器。
我终于得到ssh -vvv gitolite
来使用此配置文件
Host gitolite
User gitolite
HostName srv
Port 2002
IdentityFile ~/.ssh/srv_gitolite_openssh
但仅在我在服务器上进行调试时才有效
sudo service sshd stop
sudo /usr/sbin/sshd -Dd
当sshd作为服务运行时,连接失败。
http://pastebin.com/UHVS1sSK
为什么当我手动运行sshd而不将sshd作为服务时它能工作?似乎使用了相同的
sshd_config
文件,因为它使用了相同的端口号。另外,我的用户名gitolite
在配置的AllowUsers
部分中。成功案例如下:
http://pastebin.com/x4TcrG4R
更新:这是服务器端日志
服务失败:http://pastebin.com/Xce2k2x5
成功:http://pastebin.com/jYgiDhEm
失败案例的重点如下。两种情况下的“key_from_blob”不应该相同吗?我试过删除authorized_keys的命令部分,但作为服务仍然失败。
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f72b6e93350
debug1: temporarily_use_uid: 505/505 (e=0/0)
debug1: trying public key file /var/lib/gitolite/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 505/505 (e=0/0)
debug1: trying public key file /var/lib/gitolite/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for gitolite from 192.168.1.201 port 57488 ssh2
debug3: mm_answer_keyallowed: key 0x7f72b6e93350 is not allowed
debug3: mm_request_send entering: type 22
成功案例的亮点:
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f4d79de18b0
debug1: temporarily_use_uid: 505/505 (e=0/0)
debug1: trying public key file /var/lib/gitolite/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug3: secure_filename: checking '/var/lib/gitolite/.ssh'
debug3: secure_filename: checking '/var/lib/gitolite'
debug3: secure_filename: terminating check at '/var/lib/gitolite'
debug2: key_type_from_name: unknown key type 'command="/var/lib/gitolite/bin/gitolite-shell'
debug3: key_read: missing keytype
debug2: user_key_allowed: check options: 'command="/var/lib/gitolite/bin/gitolite-shell gitolite",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBrEOo5blAUXXSwXdxUxTOhBDHcjw2OzxGg6Vu4drzmUYL5uPxjWLGzuzcNkrYmlVqXr5UBqeSbkZh9W/0lLMcmiv5FLdIQ+J2m5lqHsEJLS8FImfJxfo2/LvboFy0NFOxF8GaHxeIWFp+YmwAlogO9gi1zgXK99DGc15W/edYwCw==
'
debug1: matching key found: file /var/lib/gitolite/.ssh/authorized_keys, line 2
Found matching RSA key: ae:92:1d:a7:7b:ec:75:7a:19:ac:28:75:b0:cc:27:8f
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7f4d79de18b0 is allowed
最佳答案
我怀疑这两种情况下的按键都起作用。
但是将sshd
作为服务运行与从当前 session 运行它不同:请参见“Why would I use “ service sshd reload
” in preference to “ service sshd restart
”?”。
该服务将取消所有继承的环境变量,并仅保留PATH
和TERM
。
在~gitolite/.ssh/authorized_keys
中注册了Gitolite uses a forced command,并且必须缺少一个环境变量(当sshd作为服务运行时),这会阻止命令的执行。
“public key authentication fails ONLY when sshd is daemon”也有类似情况:
SELinux is likely the cause.
The.ssh
dir is probably mislabeled.Look at
/var/log/audit/audit.log
. It should be labeledssh_home_t
.
Check withls -laZ. Run restorecon -r -vv /root/.ssh
if need be.
关于ssh - gitolite无法与sshd服务一起使用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18998831/