아래에서 로그를 볼 수 있습니다. 연결은 Cygwin SSH 클라이언트에서 Cygwin SSHD 서버로 이루어집니다. 명령줄에서 시작하면 연결이 제대로 작동하지만 Jenkins(Java Continuous Integration 서버)에서 시작하면 실패합니다. /dev/tty 파일이 존재하며 모두를 위한 rw입니다. 삭제하고 다시 생성하려고 시도했지만 Cygwin이 /dev/ttySO에 대한 링크를 생성하기 전에 다시 생성하기 때문에 할 수 없습니다.
ssh -t -vvv [email protected] 'mv -v /cygdrive/z/deploy-scripts /cygdrive/z/deploy-scripts-`date +%F_%H-%M-%S`'
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: ssh_connect: needpriv 0
debug1: Connecting to server.company.com [] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
debug1: read_passphrase: can't open /dev/tty: No such device or address
답변1
Jenkins(Java Continuous Integration 서버)가 SSH 키의 암호를 어떻게 입력할 것이라고 예상하시나요?
이것이 개발 또는 준비 환경이고 보안 문제가 없는 경우 키에서 암호 문구를 일시적으로 제거하여 더 잘 작동하는지 확인할 수 있습니다.
편집 #1:
문제를 재현할 수 있는 유일한 방법은 openssh faq에 명시된 대로 /dev/tty에서 권한을 제거하는 것이었지만 이미 확인하신 것 같나요?
권한이 잘못된 경우:
#ls -l /dev/tty
crw-r----- 1 root root 5, 0 Aug 23 21:47 /dev/tty
$ssh -T -vv -p 2222 <username>@127.0.0.1
[...]
debug1: read_passphrase: can't open /dev/tty: Permission denied
debug1: permanently_drop_suid: xxxx
[...]
좋은 권한이 있는 경우:
#chmod 666 /dev/tty
# ls -l /dev/tty
crw-rw-rw- 1 root root 5, 0 Aug 23 21:56 /dev/tty
[ssh client works]
답변2
나에게는 git clone
지문을 신뢰하라고 요청했습니다. 컨테이너에 있으므로 맹목적으로 신뢰하기 위해 다음과 같이 설정했습니다 StrictHostKeyChecking
.
FROM node:16
COPY "id_rsa" /root/.ssh/id_rsa
COPY "id_rsa.pub" /root/.ssh/id_rsa.pub
ENV GIT_SSH_COMMAND "ssh -v -o 'PasswordAuthentication no' '-o StrictHostKeyChecking=accept-new'"
RUN git clone [email protected]:evil/project.git
답변3
...
debug1: Server host key: ECDSA
debug1: read_passphrase: can't open /dev/tty: No such device or address
나는 이 문제(10년 후)에 와서 문제가 tty 또는 암호 문구 자체가 아니라는 것을 발견했습니다. Jenkins SSH 키는 이 기능을 통해 암호를 처리할 수 있습니다 ssh-agent
. 그러나 어쨌든 나는 이것을 테스트할 때 암호를 비활성화했습니다. 그것은 문제가 아니었습니다.
참조는 read_passphrase
"질문 코드 요청"이라는 일반 입력이어야 합니다. 나에게는 이 대화 상자를 표시하지 못했습니다.
The authenticity of host 'server.company.com (192.168.188.44)' can't be established.
RSA key fingerprint is SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? no
서버와 연결된 모든 주소에 대한 키를 프로그래밍 방식으로 수락하려면 다음을 사용할 수 있습니다.
ssh-keyscan -p 22 `getent ahosts server.company.com | awk '$3 { print $1 " " $3 }' | sort -u` >> ~/.ssh/known_hosts