macos 将 Mac Hudson slave 连接到 Linux master 时,SSH 密钥身份验证失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4715393/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SSH Key authentication failing when connecting Mac Hudson slave to Linux master
提问by mattbilson
Ok, so I have Hudson (v1.393) running in an Ubuntu VM and everything's working fine. However I'm trying to add a Mac slave to the Ubuntu master and I've run in to a few problems.
好的,所以我在 Ubuntu VM 中运行了 Hudson (v1.393),并且一切正常。但是,我正在尝试将 Mac 从设备添加到 Ubuntu 主设备,但遇到了一些问题。
I have set up SSH keys so that from the command line, the Ubuntu VM can ssh using the key into a user called hudson on the Mac.
我已经设置了 SSH 密钥,以便从命令行,Ubuntu VM 可以使用该密钥 ssh 进入 Mac 上名为 hudson 的用户。
In the Hudson slave configuration, I have "Launch slave agents on Unix machines via SSH" selected and have entered the host IP, username of the user on the slave and the location of my private key file on the master (which has been added to the authorised keys file on the slave).
在 Hudson 从配置中,我选择了“通过 SSH 在 Unix 机器上启动从代理”并输入主机 IP、从上用户的用户名以及我在主上的私钥文件的位置(已添加到从站上的授权密钥文件)。
However, the master fails to connect to the slave. Looking at the log (below), it's trying to authenticate using a password.
但是,主站无法连接到从站。查看日志(如下),它正在尝试使用密码进行身份验证。
Is this a fall back for a failed key based SSH attempt?
Is Hudson only trying to authenticate using a password, and I need to change something else to get it to use the key file which is defined in the configuration?
Is it just not possible to launch slave agents via ssh on a mac? (I know the name of this type of slave launch method explicity states Unix, but I was thinking (read: hoping) that it would work with OS X too)
这是基于失败的基于密钥的 SSH 尝试的回退吗?
Hudson 是否仅尝试使用密码进行身份验证,而我需要更改其他内容以使其使用配置中定义的密钥文件?
是不是无法在 Mac 上通过 ssh 启动从代理?(我知道这种类型的从属启动方法的名称明确说明了 Unix,但我在想(阅读:希望)它也适用于 OS X)
Log
日志
[01/14/11 10:38:07] [SSH] Opening SSH connection to 10.0.1.188:22.
[01/14/11 10:38:07] [SSH] Authenticating as hudson/******.
java.io.IOException: Password authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:319)
at com.trilead.ssh2.Connection.authenticateWithPassword(Connection.java:314)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:565)
at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:179)
at hudson.slaves.SlaveComputer.call(SlaveComputer.java:184)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
Caused by: java.io.IOException: Authentication method password not supported by the server at this stage.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:289)
... 9 more
[01/14/11 10:38:07] [SSH] Connection closed.
If anyone has managed to conquer this type of set up before, or has any tips or ideas, I'd be very grateful! Thanks
如果有人以前设法克服了这种设置,或者有任何提示或想法,我将不胜感激!谢谢
回答by Ronen Botzer
I've recently run into the same problem, trying to launch an agent on a Mac OS X 10.6 machine using SSH.
我最近遇到了同样的问题,尝试使用 SSH 在 Mac OS X 10.6 机器上启动代理。
To get password authentication to work you'll need to edit /etc/sshd_config on the client node, setting PasswordAuthentication yes
要使密码身份验证工作,您需要在客户端节点上编辑 /etc/sshd_config,设置 PasswordAuthentication yes
In the Hudson dashboard take the node offline, make sure the configuration has a valid username and password, and launch the agent. Also make sure that the Remote FS rootdirectory is owned by the build user you're connecting as.
在 Hudson 仪表板中使节点脱机,确保配置具有有效的用户名和密码,然后启动代理。还要确保远程 FS 根目录归您连接的构建用户所有。
For password-less ssh authentication, first check which user the Hudson master is running as. Lets assume that this is tomcat55. Generate a public/private SSH key pair (with an empty passphrase), then verify that the Hudson user can connect.
对于无密码 ssh 身份验证,首先检查 Hudson 主服务器以哪个用户身份运行。让我们假设这是tomcat55。生成公共/私有 SSH 密钥对(使用空密码),然后验证 Hudson 用户是否可以连接。
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tomcat55/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tomcat55/.ssh/id_rsa.
Your public key has been saved in /home/tomcat55/.ssh/id_rsa.pub.
$ # authorize the hudson master on the hudson node
$ scp /home/tomcat55/.ssh/id_rsa.pub hudson@macnode:~/.ssh/authorized_keys
$ # test the connection
$ ssh -i /home/tomcat55/.ssh/id_rsa hudson@macnode
On the Hudson mac node, the /etc/sshd_config needs to allow for password-less access.
在 Hudson mac 节点上,/etc/sshd_config 需要允许无密码访问。
Protocol 2
PubkeyAuthentication yes
In the node configuration clear the password field, and set the private key field (in this example it is /home/tomcat55/.ssh/id_rsa). You should now be able to launch the agent:
在节点配置中清除密码字段,并设置私钥字段(在本例中为/home/tomcat55/.ssh/id_rsa)。您现在应该能够启动代理:
[01/19/11 22:38:44] [SSH] Opening SSH connection to macnode:22.
[01/19/11 22:38:44] [SSH] Authenticating as hudson with /home/tomcat55/.ssh/id_rsa.
[01/19/11 22:38:45] [SSH] Authentication successful.
回答by Satya
Check the /var/log/auth.log file on the Ubuntu machine. I'm betting you need to chmod 700 the .ssh directory of the hudson user.
检查 Ubuntu 机器上的 /var/log/auth.log 文件。我敢打赌你需要 chmod 700 hudson 用户的 .ssh 目录。
回答by newz2000
I think the first answer (the selected one) is an awesome answer, but I did find a case where it is not the only solution.
我认为第一个答案(选定的答案)是一个很棒的答案,但我确实找到了一个不是唯一解决方案的案例。
In my case I have a Mac OS slave that was working and then I took that Mac down and brought up a new one. I thought I could just tweak the settings for the existing node's configuration to point it at the new Mac. It didn't work and I had all the same errors and problems described throughout this message thread.
就我而言,我有一个正在运行的 Mac OS 从属设备,然后我将那台 Mac 取下并带来了一个新的。我以为我可以调整现有节点配置的设置以将其指向新的 Mac。它没有用,我遇到了整个消息线程中描述的所有相同的错误和问题。
Then I went in and deleted the node and recreated it with exactly the same settings and it worked. I suspectthat SSH key fingerprint changed and by deleting the node and recreating it I was able to get it working. Whatever it is, the key component that caused it to fail is not a configuration option.
然后我进入并删除了节点并使用完全相同的设置重新创建它并且它起作用了。我怀疑SSH 密钥指纹已更改,通过删除节点并重新创建它,我能够使其正常工作。不管是什么,导致它失败的关键组件不是配置选项。
