SSH를 작동시키려고 하는데 cron모든 표준 트릭을 시도했지만 전혀 운이 없었던 것 같습니다. 다음을 사용하여 비대화형 SSH를 실행할 수 있습니다.
>./some_script_with_ssh
배쉬에서. 그것을 사용하려고 할 때만 cron실패합니다 . 내가 얻을 수 있는 어떤 도움이라도 대단히 감사하겠습니다.
비슷한 질문에 대해 요청한 일부 데이터는 다음과 같습니다.
내 사용자의 crontab
PATH = /home/zach/.ssh/:/usr/bin
52 * * * * ssh -vvv my_account@my_remote "touch temp.temp"
Cron이 나에게 보낸 이메일의 인쇄물
OpenSSH_7.3p1 Ubuntu-1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "my_remote" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to my_remote [IP_HERE] port 22.
debug1: Connection established.
debug1: identity file /home/zach/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/zach/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1 Ubuntu-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to my_remote:22 as 'my_account'
debug3: hostkeys_foreach: reading file "/home/zach/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/zach/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from my_remote
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug3: send packet: type 30
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:K8vzLDbyV5JKlcnHsIj6BK/yR4OTJaY4fFuHpsg0FdE
debug3: hostkeys_foreach: reading file "/home/zach/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/zach/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from my_remote
debug3: hostkeys_foreach: reading file "/home/zach/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/zach/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 128.97.70.146
debug1: Host 'my_remote' is known and matches the ECDSA host key.
debug1: Found key in /home/zach/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/zach/.ssh/id_rsa (0x55f6f6440f50)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-with-mic,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/zach/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:jsePXa9FO8c9f0bVwdgvXMJQ2GyHVqz5spaO13EQ0/M
debug3: sign_and_send_pubkey: RSA SHA256:jsePXa9FO8c9f0bVwdgvXMJQ2GyHVqz5spaO13EQ0/M
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: no passphrase given, try next key
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred:
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive).
로컬 RSA 데이터에 대한 권한
>ls -l ~/.ssh/
total 12
-rw------- 1 zach zach 1766 Dec 22 13:47 id_rsa
-rw-r--r-- 1 zach zach 419 Dec 4 2015 id_rsa.pub
-rw-r--r-- 1 zach zach 1332 Dec 21 13:51 known_hosts
지역 가족 허가
>ls -l ~/..
total 20
drwx------ 2 root root 16384 Jul 17 2015 lost+found
drwx------ 67 zach zach 4096 Dec 22 16:05 zach
로컬 ~/.ssh 폴더의 권한
drwx------ 2 zach zach 4096 Dec 22 15:11 .ssh
원격 집 권한
drwx------ 31 my_account grad 4096 Dec 22 13:57 my_account
원격 RSA 데이터에 대한 권한
> ls -l ~/.ssh/
total 12
-rwx------ 1 my_account grad 419 Dec 4 2015 authorized_keys
-rw------- 1 my_account grad 36 Dec 20 22:45 config
-rw------- 1 my_account grad 223 Sep 10 14:51 known_hosts
원격 ~/.ssh 폴더에 대한 권한
> ls -l ~
drwx------ 2 my_account grad 4096 Dec 20 22:45 .ssh
현지의/etc/ssh/ssh_config
host *
passwordauthentication no
stricthostkeychecking no
identityfile ~/.ssh/id_rsa
sendenv lang lc_*
hashknownhosts yes
외딴/etc/ssh/ssh_config
> cat /etc/ssh/ssh_config
Host *
Protocol 2
ServerAliveInterval 120
TCPKeepAlive no
ConnectTimeout 5
NoHostAuthenticationForLocalhost yes
PreferredAuthentications gssapi-with-mic,publickey,keyboard-interactive,password
GSSAPIAuthentication yes
SendEnv "LOGNAME LANG LC_*"
ForwardX11Trusted yes
내 SSH 키는 비밀번호로 보호되어 있지 않습니다.
>env | grep SSH
SSH_AGENT_LAUNCHER=gnome-keyring
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh (I am user 1000)
또한 눈에 띄는 차이 없이 ssh의 -n, -T및 옵션 -t을 사용해 보았습니다 .-t -t
답변1
debug1: Offering RSA public key: /home/zach/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:jsePXa9FO8c9f0bVwdgvXMJQ2GyHVqz5spaO13EQ0/M
debug3: sign_and_send_pubkey: RSA SHA256:jsePXa9FO8c9f0bVwdgvXMJQ2GyHVqz5spaO13EQ0/M
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: no passphrase given, try next key
gnome-keyring귀하의 키는 비밀번호로 보호되어 있지만 이를 처리하기 위해 사용하고 있기 때문에 귀하는 이를 눈치채지 못할 수도 있습니다 . 그렇다면 가능성은 무엇입니까?
cron 작업에서 비밀번호를 제공하는 합리적이고 안전한 방법이 아직 없기 때문에 cron 작업에 대해 암호화되지 않은 별도의 키를 사용하십시오. 이것이 바람직합니다.
비밀번호를 일반 텍스트로 저장해도 괜찮다면 다음을 사용하세요
sshpass.sshpass -p your_passhprase -vvv my_account@my_remote "touch temp.temp"gnome-keyring또 다른 가능성은 (환경 변수를 사용하여 ) 연결을 "하이재킹"하는 것입니다SSH_AUTH_SOCK. 그러나 이것이 항상 작동하는 것은 아니라는 점에 유의하십시오. 그래픽 세션에서 로그아웃하면gnome-keyring더 이상 실행되지 않으며 오류가 다시 표시됩니다.SSH_AUTH_SOCK=/run/user/1000/keyring/ssh ssh -vvv my_account@my_remote "touch temp.temp"