bash - BASH Script - SCP - Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)
问题描述
I was requested for work to have a server that kinda acts like a backup for specific files mostly around 30 (cannot bind them together to a folder) they are scattered all over the server need to reach them individually. Before I'm inserting to the production environment - I have decided to try it at home
I have generated and copy the keys between both servers. I have changed folder and files permissions to the maximum required - even did 760 for testing purposes I have chmod 0770 to the all .ssh folder and still, get this annoying error also for both servers
I'm not using a Kerberos method or another programming interface - that requires me the GSSAPI - just a simple SCP
when I'm doing a manual SCP from test-server to linuxproject server it succeeds with no interruptions So I believe it has something to do with the second SSH process that comes from the SCP As when I'm accessing to test server for example - I'm able to execute commands before the SCP like creating a file (so issue happen I believe, when test-server tried to connect with the linuxproject server)
Below ERRORS I'm getting
Command:
[linuxproject@sysadmin ~]$ sshpass -p "abc12345" ssh test-server@192.168.1.26 " touch longlist.txt && scp longlist.txt linuxproject@192.168.1.18:/home/linuxproject"
ERROR:
Permission denied, please try again.
Permission denied, please try again.
linuxproject@192.168.1.18: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
Some verbosity logs from the SCP command
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/oren/.ssh/id_rsa RSA SHA256:tguZWskKp6IFsqdZ5cb/AqzFBd7hzsMXRhjd02wGqko
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/oren/.ssh/id_dsa
debug3: no such identity: /home/oren/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/oren/.ssh/id_ecdsa
debug3: no such identity: /home/oren/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/oren/.ssh/id_ed25519
debug3: no such identity: /home/oren/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/oren/.ssh/id_xmss
debug3: no such identity: /home/oren/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
linuxproject@192.168.1.18: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Please Please help me - I'm stuck for over 4 days with this (100 bad words) you know what- and can't get it solved
解决方案
根据我的经验0770
是错误的权限。SSH 对权限有些挑剔。你应该像这样使用它
user@server:~$ ls -la .ssh
total 28
drwx------ 2 user group 4096 Nov 30 17:34 .
drwxr-xr-x 59 user group 4096 Jan 8 08:00 ..
-rw-r--r-- 1 user group 394 May 5 2016 authorized_keys
-rw------- 1 user group 1675 May 10 2016 id_rsa
-rw-r--r-- 1 user group 390 May 10 2016 id_rsa.pub
~/.ssh/
此目录是所有用户特定配置和身份验证信息的默认位置。没有一般要求将此目录的全部内容保密,但建议的权限是用户的读/写/执行权限,其他人无法访问。
~/.ssh/id_rsa
包含用于身份验证的私钥。这些文件包含敏感数据,用户应该可以读取,但其他人不能访问(读/写/执行)。如果其他人可以访问,ssh 将简单地忽略私钥文件。
推荐阅读
- javascript - 从使用 d3.js 创建的对象中获取未定义的属性
- javafx - 使用javafx在baground中以反向顺序滑动图像
- asp.net - 为什么我得到 System.NullReferenceException: Object reference not set to an instance of an object?
- javascript - 如何自定义 react-show-more 或 less 文本到 Material-UI 图标
- python - 如何删除python列表中的字典?
- python - 如何解决此错误 [ModuleNotFoundError: No module named 'django.utils.inspect']
- javascript - 多次请求后同步请求
- html - CSS悬停问题(覆盖)
- django - 如何用间接相关的表注释查询集?
- sql-server - 如果上一次运行失败,则重新运行 SQL Server 作业