SSH 원격은 bash 명령줄에서 작동하지만 bash 스크립트에서는 작동하지 않습니다.

(참고: 몇 가지 질문에 답변했지만 이 게시물 하단에는 여전히 답변되지 않은 질문이 있습니다.)

bash 명령줄에서 다음 명령을 실행하면 작동합니다.

ssh -t -v [email protected] sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish

SSH의 자세한 출력은 다음과 같습니다.

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.29.205 [192.168.29.205] port 22.
debug1: Connection established.
debug1: identity file /home/my-rails-project/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.29.205:22 as 'my-rails-project'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EnDsn2kFQgiA56e4B2UuvDr3ajTLlN7/15lxLItnjUQ
debug1: Host '192.168.29.205' is known and matches the ECDSA host key.
debug1: Found key in /home/my-rails-project/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/my-rails-project/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.29.205 ([192.168.29.205]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish

똑같은 줄이 bash 스크립트에 있고 나는

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.29.205 [192.168.29.205] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.29.205:22 as 'my-rails-project'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EnDsn2kFQgiA56e4B2UuvDr3ajTLlN7/15lxLItnjUQ
debug1: Host '192.168.29.205' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

두 출력은 라인(스크립트)에서 분기됩니다.

debug1: Found key in /root/.ssh/known_hosts:1

(명령줄)

debug1: Found key in /home/my-rails-project/.ssh/known_hosts:1

그 차이가 문제를 가리키는지는 모르겠습니다.

그래서 내 질문은 다음과 같습니다

ssh가 스크립트에서 실행할 때 /root/.ssh/known_hosts를 보고 명령줄에서 실행할 때 /home/my-rails-project/.ssh/known_hosts를 보는 이유는 무엇입니까?

바로 위의 내 질문에 대답하십시오.

좋아요, 제가 이 글을 쓰면서 차이에 대한 답이 명확해졌습니다. 저는 스크립트를 다음과 같이 실행하고 있었습니다.

sudo myScript

그래서 내 추가 질문은 다음과 같습니다. ssh에게 Known_hosts에 대해 /home/my-rails-project/.ssh/known_hosts를 사용하도록 어떻게 지시합니까?

바로 위의 내 질문에 대답

약간의 연구를 통해 답을 얻었습니다.https://stackoverflow.com/questions/10765946/ssh-use-known-hosts-other-than-home-ssh-known-hosts

이제 내 명령줄은 다음과 같습니다.

ssh -o UserKnownHostsFile=/home/my-rails-project/.ssh/known_hosts -t -v [email protected] sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish

바로 위의 명령줄은 앞에 sudo가 없으면 다시 작동합니다. 앞에 sudo를 사용하면 실패합니다. 자세한 출력은 다음과 같습니다.

my-rails-project@my-rails-project:~$ sudo ssh -o UserKnownHostsFile=/home/my-rails-project/.ssh/known_hosts -t -v [email protected] sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish
[sudo] password for my-rails-project: 
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.29.205 [192.168.29.205] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.29.205:22 as 'my-rails-project'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EnDsn2kFQgiA56e4B2UuvDr3ajTLlN7/15lxLItnjUQ
debug1: Host '192.168.29.205' is known and matches the ECDSA host key.
debug1: Found key in /home/my-rails-project/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
my-rails-project@my-rails-project:~$ 

그리고 sudo 및 sudo가 아닌 자세한 출력은 자세한 목록의 끝 부분 근처에서 분기됩니다.

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
my-rails-project@my-rails-project:~$ 

질문:

내 개인 키에 대해 /root/.ssh 대신 /home/my-rails-project/.ssh를 사용하고 여전히 대상 시스템에서 sudo를 유지하도록 ssh에 지시하려면 어떻게 해야 합니까?

바로 위의 내 질문에 대답하십시오.

보고http://manpages.ubuntu.com/manpages/trusty/man1/ssh.1.html

이제 ssh 명령줄은 다음과 같습니다.-나옵션)

ssh -o UserKnownHostsFile=/home/my-rails-project/.ssh/known_hosts -i /home/my-rails-project/.ssh/id_rsa -t -v [email protected] sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish

그런 다음 뭔가(ssh?)가 비밀번호를 요구하는 것을 제외하고는 성공했습니다. 이제 출력은 다음과 같습니다.

my-rails-project@my-rails-project:~$ sudo ssh -o UserKnownHostsFile=/home/my-rails-project/.ssh/known_hosts -i /home/my-rails-project/.ssh/id_rsa -t -v [email protected] sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.29.205 [192.168.29.205] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/my-rails-project/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my-rails-project/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.29.205:22 as 'my-rails-project'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EnDsn2kFQgiA56e4B2UuvDr3ajTLlN7/15lxLItnjUQ
debug1: Host '192.168.29.205' is known and matches the ECDSA host key.
debug1: Found key in /home/my-rails-project/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/my-rails-project/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Enter passphrase for key '/home/my-rails-project/.ssh/id_rsa': 
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.29.205 ([192.168.29.205]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: sudo /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish

질문:

다음과 같은 메시지가 나타납니다.

Enter passphrase for key '/home/my-rails-project/.ssh/id_rsa': 

이 비밀번호 요청을 억제하려면 어떻게 해야 합니까?

두 컴퓨터(Ralph07 및 Ralph12)에서 /etc/sudoers.d/ralph를 마사지하여 대부분의 비밀번호 요청을 억제했습니다.

# This script should only be run on Ralph07
my-rails-project ALL=(ALL:ALL) NOPASSWD: /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12

# This script should only be run on Ralph12
my-rails-project ALL=(ALL:ALL) NOPASSWD: /home/my-rails-project/x/pg_rsync_ralph07_to_ralph12_finish