Install and run keychain manually

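I want to use a passphrase-protected SSH key when running tasks with parallel-ssh (and related tools). However, I can't get it to work.

All the documentation on parallel-ssh suggests that I should be able to do this using --askpass or -A: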

-A
--askpass
      Prompt  for  a  password  and pass it to ssh.  The password may be 
      used for either to unlock a key or for password authentication.  The 
      password is transferred in a fairly secure manner (e.g., it will not 
      show up in argument lists).  However, be aware that a root user on 
      your system could potentially intercept the password.

However, when I enter the passphrase for my key, it doesn't work:

$ parallel-ssh --hosts=machines --user=my_user --askpass \
    --timeout=0 --inline -v 'sudo apt-get update'
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 09:59:36 [FAILURE] amritiii Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[2] 09:59:37 [FAILURE] gbdev Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[3] 09:59:37 [FAILURE] code Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[4] 09:59:37 [FAILURE] apollo Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[5] 09:59:37 [FAILURE] odin Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[6] 09:59:37 [FAILURE] hathor Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[7] 09:59:37 [FAILURE] ldap Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[8] 09:59:37 [FAILURE] thor Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).
[9] 09:59:37 [FAILURE] bioserver Exited with error code 255
Stderr: Enter passphrase for key '/home/nhaigh/.ssh/id_rsa': 
Permission denied (publickey,password).

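I have confirmed that my SSH key and passphrase work on each of the machines, so I don't know how to get this to work.

Answer 1

Assuming parallel-ssh and pssh are equivalent, then yes, what you are trying to do should work just fine, with the password being piped through when you use the -A switch.

Example

Here is an example where I connect to 2 different systems, host1 and host2. I use the -l switch to pssh to provide a default user of root. However, I override this for host2 in the -H switch by specifying the hostname as user1@host2.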

$ pssh -A -i -H "host1 user1@host2" -l root 'echo "hi"'
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 21:38:00 [SUCCESS] user1@host2
hi
Stderr: 
This is a private site.  Unauthorized connections are prohibited.  
All activity may be logged.  Disconnect immediately if you object to 
this policy or are not an authorized user.

X11 forwarding request failed on channel 1
Killed by signal 1.
[2] 21:38:00 [SUCCESS] host1
hi
Stderr: 
This is a private site.  Unauthorized connections are prohibited.  
All activity may be logged.  Disconnect immediately if you object to 
this policy or are not an authorized user.

ControlSocket /home/user1/.ssh/[email protected]:22 already exists, disabling multiplexing
X11 forwarding request failed on channel 0
Killed by signal 1.

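When the above works, you'll notice the output of the command I'm running, echo "hi".

Your issue

The issue you're encountering with the passphrase on your SSH key pair is due to a bug. The bug is titled: Issue 80: Not passing passphrase?. The 4th comment on that issue shows a patch:

Excerpt

#4 [email protected]

I changed the line to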

  if not ( prompt.strip().lower().endswith('password:') or 
        'enter passphrase for key' in prompt.strip().lower()):

This seems to work

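Answer 2

I managed to get it working by installing keychain rather than manually patching the bug that caused my problem.

Install and run keychain manually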

# install keychain package
$ sudo apt-get install keychain

# add my key to the keychain, entering passphrase when asked
$ keychain ~/.ssh/id_rsa

# source the file generated by the above command
$ . ~/.keychain/$(uname -n)-sh

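Run commands without entering a password/passphrase

Now, this time I don't need a password when calling parallel-ssh, because keychain takes care of the authentication: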

$ parallel-ssh --hosts=machines --user=my_user --timeout=0 'sudo apt-get update'
[1] 14:52:15 [SUCCESS] amritiii 
[2] 14:52:17 [SUCCESS] odin
[3] 14:52:25 [SUCCESS] gmod
[4] 14:53:11 [SUCCESS] bioserver
[5] 14:53:14 [SUCCESS] thor
[6] 14:53:14 [SUCCESS] apollo
[7] 14:53:16 [SUCCESS] gbdev
[8] 14:53:17 [SUCCESS] code
[9] 14:53:18 [SUCCESS] hathor
[10] 14:53:34 [SUCCESS] ldap

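Run keychain at login

Rather than manually running keychain and adding the key to it, simply add the following to the end of your ~/.bash_profile:

keychain --clear $HOME/.ssh/id_rsa
. $HOME/.keychain/$(uname -n)-sh

This ensures that the first time you log in after a reboot, you are prompted for your key's passphrase. Your key will then remain in the keychain until the next reboot or until you manually clear the keychain.

Cron jobs using keychain

Once you have put the above in your ~/.bash_profile file, you can take advantage of the fact that your key is now stored in the keychain by sourcing the same file before executing the cronjob. For example, I have a backup script that runs every night at 21:00 and copies things over SSH to a remote machine. Here is an entry from my crontab (crontab -e):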

 0 21 * * * . $HOME/.keychain/$(uname -n)-sh; $HOME/backup_script.sh
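
A cron job that sources the keychain file fails if that file points at a dead agent (for example after a reboot, before the first login) or at an agent that holds no keys. The guard below is an added example, not part of the original answer; the function name agent_ready and the SSH_ADD override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cron-side guard for the keychain setup described above.
# Assumed names (not from the original answer): agent_ready, SSH_ADD.

# Return codes 0, 1 and 2 are passed through from `ssh-add -l`:
#   0 = agent lists at least one identity
#   1 = agent is reachable but holds no identities
#   2 = agent cannot be contacted
# Return code 3 is this function's own: the keychain env file is missing.
agent_ready() {
    envfile="$HOME/.keychain/$(uname -n)-sh"

    # keychain writes this file; it does not exist until keychain has run once.
    if [ ! -r "$envfile" ]; then
        echo "keychain env file missing: $envfile" >&2
        return 3
    fi

    # Import SSH_AUTH_SOCK and SSH_AGENT_PID into this shell.
    . "$envfile"

    # SSH_ADD can be overridden for testing; it defaults to the real ssh-add.
    rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "agent is running but holds no keys" >&2 ;;
        2) echo "cannot contact agent (stale socket in $envfile?)" >&2 ;;
        *) echo "ssh-add -l failed with status $rc" >&2 ;;
    esac
    return "$rc"
}

# Usage inside the script that cron starts (constructed host name):
#   agent_ready || exit 1
#   ssh -o BatchMode=yes backup@remote.example true   # BatchMode: never prompt
```

Calling agent_ready at the top of the backup script turns a missing or empty agent into an explicit message in cron's mail instead of a bare "Permission denied (publickey,password)".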

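Answer 3

Use ssh-agent to automate authentication (given a shell name as an argument, it sets the agent environment variables in a new shell). Add the key with ssh-add and enter the passphrase only once.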

$ ssh-agent bash
$ ssh-add
Enter passphrase for /xxxx/.ssh/identity: 
$ 
$ pssh ...
