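I have an EC2 instance that was created from an existing AMI with git already installed. I tried to clone a git repository over SSH, but I ran into an error that I don't understand.
In my home/ubuntu/.ssh folder I have a private key, bitbucket_key. I ran the following steps: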
sudo su root
eval `ssh-agent`
ssh-add /home/ubuntu/.ssh/bitbucket_key
I did sudo root because the access level of the bitbucket key is root. The current permissions on this key are 600:
rw_______ root root bitbucket_key
After the steps above, I tried to clone the repository (as the same root user) with:
git clone git@bitbucket.org:username/project-name.git
The error is:
Cloning into 'project-name'...
fatal: cannot exec '/home/ubuntu/.ssh/bitbucket_key': Permission denied
fatal: cannot exec '/home/ubuntu/.ssh/bitbucket_key': Permission denied
fatal: unable to fork
Then I tried this:
ssh -vT git@bitbucket.org
The log is:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.0] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_f1bacdec8b b8739258fd2d
debug1: no match: conker_f1bacdec8b b8739258fd2d
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FC73VB6C4OtySCrjEayher4UMxS97caD/Yyi2bhW/J0
debug1: Host 'bitbucket.org' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: bitbucket-key ED25519 SHA256:OEbnHvt/IvLfTGHSCPtuTU+fTKDxHa/0cGVdkx5r8EY agent
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ssh-rsa,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: bitbucket-key ED25519 SHA256:OEbnHvt/IvLfTGHSCPtuTU+fTKDxHa/0cGVdkx5r8EY agent
debug1: Server accepts key: bitbucket-key ED25519 SHA256:OEbnHvt/IvLfTGHSCPtuTU+fTKDxHa/0cGVdkx5r8EY agent
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([18.205.93.0]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = C.UTF-8
authenticated via ssh key.
You can use git to connect to Bitbucket. Shell access is disabled
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2156, received 2224 bytes, in 0.0 seconds
Bytes per second: sent 788517.8, received 813387.5
debug1: Exit status 0
Edit:
I have tried this approach, as suggested in the answer:
ssh -i /home/ubuntu/.ssh/bitbucket_key -vT git@bitbucket.org
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.1] port 22.
debug1: Connection established.
debug1: identity file /home/ubuntu/.ssh/bitbucket_key type -1
debug1: identity file /home/ubuntu/.ssh/bitbucket_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_f1bacdec8b 7e6afeeb70fc
debug1: no match: conker_f1bacdec8b 7e6afeeb70fc
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FC73VB6C4OQLSmrjEayknp9UMrS99cdD/Yyi2bhW/J0
debug1: Host 'bitbucket.org' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
Warning: Permanently added the ECDSA host key for IP address '18.205.93.1' to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: bitbucket-key ED25519 SHA256:OEbnHvt/IvLfTGHSCPtuTU+fTKDxHa/0cGVdkx5r8EY agent
debug1: Will attempt key: /home/ubuntu/.ssh/bitbucket_key explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-dss,ecdsa-sha2-nistp384,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ssh-rsa,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: bitbucket-key ED25519 SHA256:OEbnHvt/IvLfTGHSCPtuTU+fTKDxHa/0cGVdkx5r8EY agent
debug1: Server accepts key: bitbucket-key ED25519 SHA256:OEbnHvt/IvLfTGHSCPtuTU+fTlDxHa/0cGVdkx5r8EY agent
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([18.205.93.1]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = C.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
authenticated via ssh key.
You can use git to connect to Bitbucket. Shell access is disabled
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2156, received 2224 bytes, in 0.0 seconds
Bytes per second: sent 141523.2, received 145986.8
debug1: Exit status 0
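It looks like my key works fine, but the git clone command gets permission denied. Can anyone help me?
Note that the following question did not help: fatal: cannot exec '/home//.ssh': Permission denied when using Git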
1 answer
snvhrwxg #1
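The key used in git clone is /home/ubuntu/.ssh/<<key>>, which is different from the key used when testing the ssh connection with ssh -vT bitbucket.org; the latter is /root/.ssh/<<key>>, so the two tests are not the same. The difference is in using
ssh-add /home/ubuntu/.ssh/bitbucket_key
to add the key to the ssh agent, which then uses that key instead of the default key /root/.ssh/<<key>>.
To reproduce this in the ssh test, run
ssh -i /home/ubuntu/.ssh/bitbucket_key -vT git@bitbucket.org
and it will then use the ubuntu key and show you why it fails. One initial suspicion is that the ssh private key permissions should be 600 rather than 400, as you show in the screenshot.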
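Git prints `cannot exec '<path>'` about a program it tried to run, and the program it runs as its SSH transport is taken from `GIT_SSH_COMMAND`, `core.sshCommand` or `GIT_SSH`. The sketch below is an added example, not part of the original question or answer; its function names are hypothetical and GNU `stat` is assumed. It checks whether that setting points at a key file rather than an executable, and checks the key file's owner and mode.

```sh
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from the post.

# Program git will exec as its SSH transport. Lookup order in git:
# GIT_SSH_COMMAND, then core.sshCommand, then GIT_SSH, then plain "ssh".
git_ssh_program() {
    gsp_cmd=${GIT_SSH_COMMAND:-}
    if [ -z "$gsp_cmd" ] && command -v git >/dev/null 2>&1; then
        gsp_cmd=$(git config --get core.sshCommand 2>/dev/null || true)
    fi
    [ -n "$gsp_cmd" ] || gsp_cmd=${GIT_SSH:-ssh}
    printf '%s\n' "${gsp_cmd%% *}"      # first word = the executable
}

# Classify that program: missing | private-key | not-executable | ok
classify_ssh_program() {
    csp_path=$1
    # A bare name such as "ssh" is resolved through PATH first.
    case $csp_path in */*) ;; *) csp_path=$(command -v "$csp_path" || true) ;; esac
    [ -n "$csp_path" ] && [ -e "$csp_path" ] || { echo missing; return 0; }
    # Private key files start with a "-----BEGIN ... PRIVATE KEY-----" line.
    if head -n 1 "$csp_path" 2>/dev/null |
        grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
        echo private-key; return 0
    fi
    [ -x "$csp_path" ] || { echo not-executable; return 0; }
    echo ok
}

# Key file check: owned by the invoking user, no group/other permission bits
# (OpenSSH ignores a key it owns when any of those bits is set).
key_file_status() {
    kf_mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo missing; return 0; }
    kf_uid=$(stat -c '%u' "$1")
    [ "$kf_uid" = "$(id -u)" ] || { echo "wrong-owner:$kf_uid"; return 0; }
    if [ $(( 0$kf_mode & 077 )) -eq 0 ]; then
        echo "ok:$kf_mode"
    else
        echo "too-open:$kf_mode"
    fi
}

# Stand-alone use: sh check.sh /path/to/key (path supplied by the reader)
if [ $# -gt 0 ]; then
    prog=$(git_ssh_program)
    echo "git ssh program: $prog ($(classify_ssh_program "$prog"))"
    echo "key $1: $(key_file_status "$1")"
fi
```

A `private-key` result for the git ssh program means the key path belongs in an `ssh -i` option or the agent, not in the setting that names the ssh executable.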