無法用 Bash 腳本中的變數取代 SSH KeyFile 和 SSH_Username

tag-icon tag-icon bash ssh ssh-agent
無法用 Bash 腳本中的變數取代 SSH KeyFile 和 SSH_Username

我在 ubuntu 20.04 上,正在運行一個 bash 腳本,我想將其移植到我的其他伺服器,但我無法同時用變數取代 Identityfile 和 ssh_username ,而不會出現 pubkey 錯誤。

首先我用來shellcheck.net驗證我的基本語法是否正確

#!/bin/bash
source_ssh_user="admin"
source_ssh_host="123.456.789.12"
connecting_keyfile="/home/username/.ssh/id_my_rsa"


#this does NOT work, but it should:

ssh -i $connecting_keyfile $source_ssh_user@$source_ssh_host

當我將-vvv標誌新增至命令時,它會驗證是否向伺服器提供了正確的 ssh 金鑰檔案:

...
...
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/username/.ssh/id_my_rsa RSA SHA256:UXXXXXXXXUx/w1dY explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/username/.ssh/id_my_rsa RSA SHA256:UGKOXXXXXXXXXx/w1dY explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

奇怪之處:

當我用這個明確定義用戶名的命令替換上面的命令時,相同的密鑰檔案變數可以完美地工作

ssh -p22 -i $connecting_keyfile username@$source_ssh_host

問題:

似乎當我用變數替換 ssh_username 時,管理我的密碼的 ssh-agent 以某種方式失去了發送密碼憑證的能力

為了管理我的密碼,我在 .bashrc 中有以下內容:

#Add passphrase to ssh-agent
SSH_ENV="$HOME/.ssh/agent-environment"

function start_agent {
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
}

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    #ps ${SSH_AGENT_PID} doesn't work under cywgin
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi

這在我的~/.ssh/config


Host *
    AddKeysToAgent yes
    User username
    Port 22
    IdentityFile /home/username/.ssh/id_my_rsa

相關內容