ssh - Ansible:无法通过 ssh 连接到主机
问题描述
我使用以下命令创建了一个 SSH 密钥对:
ssh-keygen -t rsa -C "remote-user" -b 4096
我将密钥对保存在~/.ssh本地计算机的目录中:
-rw------- 1 steve.rogers INTRA\users 3381 Jan 18 16:52 remote-user
-rw------- 1 steve.rogers INTRA\users 742 Jan 18 16:52 remote-user.pub
我在 GCP 中有一个实例,我已经为用户添加了上面的 public_key remote_user。
之后,我尝试使用以下命令通过 SSH 连接到实例:
ssh -i ~/.ssh/remote-user remote-user@<gcp-instance-ip>
我成功地 ssh 进入机器。
之后我尝试执行我的剧本:
ansible-playbook setup.yaml --tags "mytag" --extra-vars "env=stg" -i /environments/stg/hosts
执行没有成功,最终出现以下错误:
<gcp-server102> ESTABLISH SSH CONNECTION FOR USER: None
<gcp-server102> SSH: EXEC ssh -o ControlPersist=15m -F ssh.config -q -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/Users/steve.rogers/.ansible/cp/7be59d33ab gcp-server102 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
Read vars_file './environments/{{env}}/group_vars/all.yaml'
<gcp-server101> ESTABLISH SSH CONNECTION FOR USER: None
<gcp-server101> SSH: EXEC ssh -o ControlPersist=15m -F ssh.config -q -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/Users/steve.rogers/.ansible/cp/6a68673873 gcp-server101 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
Read vars_file './environments/{{env}}/group_vars/all.yaml'
<gcp-server201> ESTABLISH SSH CONNECTION FOR USER: None
<gcp-server201> SSH: EXEC ssh -o ControlPersist=15m -F ssh.config -q -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/Users/steve.rogers/.ansible/cp/e330878269 gcp-server201 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<gcp-server202> ESTABLISH SSH CONNECTION FOR USER: None
<gcp-server202> SSH: EXEC ssh -o ControlPersist=15m -F ssh.config -q -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/Users/steve.rogers/.ansible/cp/6f7ebc0471 gcp-server202 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<gcp-server102> (255, b'', b'remote-user@<gcp-instance-ip>: Permission denied (publickey).\r\n')
<gcp-server101> (255, b'', b'remote-user@<gcp-instance-ip>: Permission denied (publickey).\r\n')
fatal: [gcp-server102]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: remote-user@<gcp-instance-ip>: Permission denied (publickey).",
"unreachable": true
}
fatal: [gcp-server101]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: remote-user@<gcp-instance-ip>: Permission denied (publickey).",
"unreachable": true
}
<gcp-server202> (255, b'', b'remote-user@<gcp-instance-ip>: Permission denied (publickey).\r\n')
<gcp-server201> (255, b'', b'remote-user@<gcp-instance-ip>: Permission denied (publickey).\r\n')
fatal: [gcp-server202]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: remote-user@<gcp-instance-ip>: Permission denied (publickey).",
"unreachable": true
}
fatal: [gcp-server201]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: remote-user@<gcp-instance-ip>: Permission denied (publickey).",
"unreachable": true
}
我进入gcp_instance并检查了authorized_keys文件,它包含正确public_key的remote_user.
这些是我的ssh.config,ansible.cfg和host文件:
ssh.config:
Host bastion-host
User remote-user
HostName <gcp-instance-ip>
ProxyCommand none
IdentityFile ~/.ssh/remote-user
BatchMode yes
PasswordAuthentication no
Host gcp-server*
ServerAliveInterval 60
TCPKeepAlive yes
ProxyCommand ssh -q -A remote-user@<gcp-instance-ip> nc %h %p
ControlMaster auto
ControlPersist 8h
User remote-user
IdentityFile ~/.ssh/remote-user
ansible.cfg:
[ssh_connection]
ssh_args = -o ControlPersist=15m -F ssh.config -q
scp_if_ssh = True
[defaults]
host_key_checking = False
主持人
[gcp_instance]
gcp_instance01
[gcp_instance:children]
gcp_instance_level_01
gcp_instance_level_02
[gcp_instance_level_01]
gcp-server102
gcp-server101
[gcp_instance_level_02]
gcp-server201
gcp-server202
阻止我的剧本执行的问题可能是什么?
解决方案
推荐阅读
- asp.net - .rdlc 报告条形图仅显示类别组中 16 个项目中的 3 个
- python - 为什么我的程序没有读取 if else 命令?
- python - 在调用列表中的字典中的值时收到“TypeError:列表索引必须是整数或切片,而不是字典”
- sql - 按顺序取最后一个值
- php - 使用 wpdb > 获取与分类相关的用户列表
- architecture - Revit 2022 Family 已编辑但在计划中显示先前版本的行但未在编辑器中
- html - HTML5 视频标签突然停止在 Safari 桌面上工作
- android - 从 LatLng 坐标列表中绘制路径 (Android)
- python - 为什么这个 FOR 需要缩短数组的长度?
- javascript - 在 AWS Lambda 中生成 JS 的 Runtime.HandlerNotFound