从node.js生成ssh命令时如何传递密钥文件？ [英] How to pass a key file when spawning an ssh command from node.js?

问题描述

这在我的本地终端上有效：

  ssh -i〜/ .ec2 / mykey.pem ubuntu @ ec2-yada -yada.amazonaws.com ls 
  

当然可以。但是当我使用node.js的 child_process.spawn 命令尝试相同操作时，它抱怨密钥不存在/无法访问。

  //子进程
 var childProcess = require（'child_process'）。spawn; 
 
 //使用slaveId作为键生成从属
 slaves [slaveId] = childProcess（'ssh'，[
'-i /mykey.pem'，
'ubuntu@ec2-yada.amazonaws.com'，
'ls'
]）
  

结果：

  stderr：警告：身份文件/mykey.pem无法访问：无此类文件或目录。 
 stderr：权限被拒绝（公钥）。 
  

尝试过的事情：

1. 密钥路径的变化：
   
   /actual/path/to/mykey.pem

mykey.pem （在节点项目的根目录中有文件的副本）
   
   /mykey.pem （在节点项目的根目录中带有文件的副本）
   
   〜/ .ec2.mykey.pem （




2. 运行不带ssh部分的命令，即。 childProcess（ls）; -有效。




3. chmod644 600， 400等。mykey.pem

我目前唯一的理论是传递文件引用时出现问题，我需要使用fs模块执行某事。 （？）是的，我知道那里有用于通过ssh进行ssh访问的库，但是它们使用的密码不会削减它，反正我的要求并不能真正证明一个库的合理性。

请告诉我我很愚蠢，这是可能的。

更新：

好的，所以我可以使用exec命令，如下所示：

  var childProcess = require（'child_process'）。exec; 
 slaves [slaveId] = childProcess（'ssh -i mykey.pem ubuntu@ec2-yada.amazonaws.com ls'，function（error，stdout，stderr）{...} 
  

不过，我觉得我已经因为使用 fork 具有良好的消息传递和方便的属性（我的原始实现在本地运行良好），拥有吸尘器并被告知自己完成所有工作（现在我想在远程主机上启动奴隶）。

解决方案

最近，我似乎在跳很多Brandon的评论：-)。他又说对了。当您执行 ssh -i〜/ .ec2 / mykey.pem ubuntu@ec2-yada-yada.amazonaws.com ls 时， ssh 可执行文件有四个参数： -i ，密钥文件的名称，主机的地址和命令，例如。 ls -ltr / tmp 。当它看到 -i 时，它期望 next 参数是密钥文件的名称，而不是将该名称视为的尾随子字符串。 -i 。

记住，当您生成一个程序，您无需通过外壳即可直接调用它，因此必须准确地将外壳传递给它的参数传递 之后，外壳进行任何扩展，引用等操作。当您使用 exec ，实际上是将命令行字符串传递给Shell，因此Shell为您完成了所有这些工作，包括弄清楚一个参数在哪里结束而另一个在哪里开始。 / p>

This works from my local terminal:

ssh -i ~/.ec2/mykey.pem ubuntu@ec2-yada-yada.amazonaws.com ls

Of course it does. But when I try the same using node.js' child_process.spawn command it complains that the key does not exist / can't be accessed.

// child process
var childProcess = require('child_process').spawn;

// spawn the slave using slaveId as the key
slaves[slaveId] = childProcess('ssh', [
    '-i /mykey.pem',
    'ubuntu@ec2-yada.amazonaws.com',
    'ls'
])  

Result:

stderr: Warning: Identity file  /mykey.pem not accessible: No such file or directory.  
stderr: Permission denied (publickey).

Things tried:

1. Variations on the path to key:
   /actual/path/to/mykey.pem
mykey.pem (with a copy of the file in the root of the node project)
   /mykey.pem (with a copy of the file in the root of the node project)
   ~/.ec2.mykey.pem (where it should be)

2. Running the command without the ssh part, ie. childProcess(ls); - works.

3. chmod 644, 600, 400 etc. mykey.pem

My only theory at this point is there is an issue with passing a file reference in and I need to do something using the fs module. (?) And yes, I know there are libraries out there for ssh access with node but they use passwords which won't cut it and anyway, my requirements don't really justify a library.

Please tell me I'm being stupid and that this is possible.

UPDATE:

OK, so I can use the exec command like this:

var childProcess = require('child_process').exec;
slaves[slaveId] = childProcess('ssh -i mykey.pem ubuntu@ec2-yada.amazonaws.com ls',  function (error, stdout, stderr) {...}

Still, I feel like I've been downgraded from creating a true slave using fork with all it's nice messaging and handy properties (my original implementation which runs fine locally) to having a vacuum cleaner and being told to do all the work myself (now that I want to launch slaves on remote hosts).

解决方案

I seem to be jumping Brandon's comments a lot lately :-). He's right again. When you execute ssh -i ~/.ec2/mykey.pem ubuntu@ec2-yada-yada.amazonaws.com ls, the ssh executable, in this case, gets four arguments: -i, the name of your key file, the address of the host and the command, eg. ls -ltr /tmp. When it sees a -i it expects the next argument to be the name of the key file, not to see the name as a trailing substring of the -i.

Remember that when you spawn a program, you invoke it directly without going through the shell, so you have to pass it exactly the arguments the shell would have passed it after the shell did any expansion, quoting, etc. When you use exec, you're actually passing a command-line string to the shell, so the shell does all that stuff for you, including figuring out where one arguments ends and another begins.

这篇关于从node.js生成ssh命令时如何传递密钥文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！