cap uses admin instead of ec2-user


Problem description


I'm trying to do a "cap ec2onrails:setup" for my ROR website to an EC2 instance (Amazon image) but authentication keeps asking me for a password no matter what I do. I've tried almost anything I've read in this and/or other forums:

  • copy public key from ~/.ssh to ec2-user@_.sa-east-1.compute.amazonaws.com:/home/ec2-user/.ssh/authorized_keys2 (or authorized_keys)
  • generate private key using Amazon Management Console and then copying the public key from the server to my machine
  • adding any of these keys using ssh-add -l
  • generating new keys using ssh-keychain
  • using the public/private set of keys already in my machine (id_rsa & id_rsa.pub)
  • naming the keys following the above ^^ convention
  • chmod 400 for the keys in ~/.ssh
  • moving the keys to ~/.ec2
  • setting environment vars like stated here

Notes:

  • Connecting to the server using ssh and the AWS .pem key works just fine
  • It doesn't matter how I set the "keys" value in "ssh_options", Capistrano always seems to ignore it. However, it doesn't ignore the keys listed in ssh-add -l

Here's how I try to set the key path

set :ssh_options, {:keys => ["/Users/dalef/.ssh/pk"]}

Here's the output code from my latest test, using verbose output

Damians-MacBook-Pro:test dalef$ cap ec2onrails:setup
[Deprecation Warning] This API has changed, please hook `deploy:create_symlink` instead of `deploy:symlink`.
  * 2013-03-20 20:10:52 executing `ec2onrails:setup'
  * 2013-03-20 20:10:52 executing `ec2onrails:server:update_hostname'
  * executing "sudo -p 'sudo password: ' /usr/local/ec2onrails/bin/update_hostname"
    servers: ["___.sa-east-1.compute.amazonaws.com"]
D, [2013-03-20T20:10:52.471872 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: establishing connection to ___.sa-east-1.compute.amazonaws.com:22
D, [2013-03-20T20:10:52.539934 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: connection established
I, [2013-03-20T20:10:52.540236 #2647]  INFO -- net.ssh.transport.server_version[3fe825c45728]: negotiating protocol version
D, [2013-03-20T20:10:52.591866 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: remote is `SSH-2.0-OpenSSH_5.3'
D, [2013-03-20T20:10:52.591965 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: local is `SSH-2.0-Ruby/Net::SSH_2.6.6 x86_64-darwin12.2.0'
D, [2013-03-20T20:10:52.635419 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 784 bytes
D, [2013-03-20T20:10:52.635555 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 0 type 20 len 780
I, [2013-03-20T20:10:52.635654 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: got KEXINIT from server
I, [2013-03-20T20:10:52.635844 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: sending KEXINIT
D, [2013-03-20T20:10:52.636042 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 0 type 20 len 1620
D, [2013-03-20T20:10:52.636141 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 1624 bytes
I, [2013-03-20T20:10:52.636196 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: negotiating algorithms
D, [2013-03-20T20:10:52.636319 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2013-03-20T20:10:52.636373 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: exchanging keys
D, [2013-03-20T20:10:52.636563 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 1 type 34 len 20
D, [2013-03-20T20:10:52.636613 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.738438 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 152 bytes
D, [2013-03-20T20:10:52.738637 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 1 type 31 len 148
D, [2013-03-20T20:10:52.744324 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 2 type 32 len 140
D, [2013-03-20T20:10:52.744468 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 144 bytes
D, [2013-03-20T20:10:52.790733 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 720 bytes
D, [2013-03-20T20:10:52.790938 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 2 type 33 len 700
D, [2013-03-20T20:10:52.795329 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 3 type 21 len 20
D, [2013-03-20T20:10:52.795447 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.795542 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 3 type 21 len 12
D, [2013-03-20T20:10:52.795871 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: beginning authentication of `admin'
D, [2013-03-20T20:10:52.796008 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 4 type 5 len 28
D, [2013-03-20T20:10:52.796071 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 52 bytes
D, [2013-03-20T20:10:52.944233 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.944626 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 4 type 6 len 28
D, [2013-03-20T20:10:52.945125 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: trying publickey
D, [2013-03-20T20:10:52.945906 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: connecting to ssh-agent
D, [2013-03-20T20:10:52.946221 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 1 len 51
D, [2013-03-20T20:10:52.946460 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 2 len 5
D, [2013-03-20T20:10:52.946578 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 11 len 0
D, [2013-03-20T20:10:52.946859 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 12 len 294
D, [2013-03-20T20:10:52.947478 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c)
D, [2013-03-20T20:10:52.947821 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 5 type 50 len 348
D, [2013-03-20T20:10:52.947994 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:52.993286 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.993497 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 5 type 51 len 28
D, [2013-03-20T20:10:52.993717 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
D, [2013-03-20T20:10:52.993904 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2)
D, [2013-03-20T20:10:52.994095 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 6 type 50 len 348
D, [2013-03-20T20:10:52.994202 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:53.035308 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:53.035556 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 6 type 51 len 28
D, [2013-03-20T20:10:53.035693 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
E, [2013-03-20T20:10:53.035782 #2647] ERROR -- net.ssh.authentication.session[3fe826273f28]: all authorization methods failed (tried publickey)
Password:

Here's my list of keys for this latest test (just the one I retrieved from the server)

Damians-MacBook-Pro:test dalef$ ssh-add -l
2048 b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c pk (RSA)

Is there anything I'm missing? I'm this close to trying password based authentication.

Thanks!!

Update

Still trying alternatives. I've also made sure I'm using the right key by comparing against AWS key fingerprint & authorized_keys

From Amazon:
dalef 90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14

Damians-MacBook-Pro:.ssh dalef$ ec2-fingerprint-key dalef
90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14
Damians-MacBook-Pro:.ssh dalef$ ssh-add dalef
Identity added: dalef (dalef)
Damians-MacBook-Pro:.ssh dalef$ ssh-add -l
2048 40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2 id_rsa (RSA)
2048 e6:02:1a:a4:2a:f9:63:4a:b7:de:66:60:f2:fa:0c:b4 dalef (RSA)


[ec2-user@___ .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcfgMIAbEfNAiSgi4zXsObR1zGPHzVbff2suB/J2rLVgr5XNfLhf+kTRzTij0IWsutYj45j/eI87xC912WYtNG2An8262JwqRJZfwbnfDHMjwPQRwlDNjgGWRZwl8x9HO1V7EmBCaEEpeXg0ogbdhM386f/TTdWdUOofSqTEjuN2Nk73OHirPAj7MuWSGwGAwKCS4In2KbGAP/hk0c/PsCx52J+zjp2lteEaA9qWIovQggRw73dAqV++czMwCx2+7GMGxGx21fgSH4cYZ7Q6XxAxBkmsO7yoKZHUFj5QobSJ1TVh7N/61bFInt6Ua6btTXC7jwaATzkOBkv/rwLgtN **dalef**

Still asks for password.

Update

Something must be really wrong with my setup. I tried allowing password connections but that doesn't work either. Do I need to start thinking of a Capistrano-alternative?

Here's the log

[ec2-user@___ ~]$ sudo vi /etc/ssh/sshd_config 
PasswordAuthentication yes
[ec2-user@___ ~]$ sudo passwd ec2-user
Changing password for user ec2-user.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[ec2-user@___ ~]$ exit
...
E, [2013-03-21T00:31:02.582111 #3739] ERROR -- net.ssh.authentication.session[3fd0f6e21178]: all authorization methods failed (tried password)
connection failed for: admin@___.sa-east-1.compute.amazonaws.com (Net::SSH::AuthenticationFailed: admin)

From these logs what I assume is that Capistrano is trying to log in as admin. How can I change that to ec2-user? (I've tried set :user, "ec2-user" in deploy.rb)
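
Reading the debug output above for the login name and the keys actually offered, as an added example that is not part of the original question: the function names are hypothetical, and the sample input is four lines copied from the log in the question.

```shell
#!/bin/sh
# Added example: pull the facts that matter out of a Net::SSH debug log.

# Login name the client actually sent to the server.
ssh_auth_user() {
    sed -n "s/.*beginning authentication of \`\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Fingerprint of every key offered during publickey authentication.
ssh_offered_keys() {
    sed -n 's/.*trying publickey (\([0-9a-f:]*\)).*/\1/p' "$1"
}

# check_auth_log LOG EXPECTED_USER
# Returns 0 when the log shows EXPECTED_USER, 1 when a different user was
# sent, 2 when the log contains no authentication attempt at all.
check_auth_log() {
    actual=$(ssh_auth_user "$1")
    [ -n "$actual" ] || { echo "no authentication attempt in log"; return 2; }
    echo "keys offered: $(ssh_offered_keys "$1" | wc -l | tr -d ' ')"
    if [ "$actual" != "$2" ]; then
        echo "MISMATCH: expected user '$2', client sent '$actual'"
        return 1
    fi
    echo "user OK: $actual"
}

# Sample input: four lines copied from the debug output in the question.
sample_log() {
    cat <<'EOF'
D, [2013-03-20T20:10:52.795871 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: beginning authentication of `admin'
D, [2013-03-20T20:10:52.947478 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c)
D, [2013-03-20T20:10:52.993904 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2)
E, [2013-03-20T20:10:53.035782 #2647] ERROR -- net.ssh.authentication.session[3fe826273f28]: all authorization methods failed (tried publickey)
EOF
}

demo_log=$(mktemp)
sample_log > "$demo_log"
check_auth_log "$demo_log" ec2-user || true
rm -f "$demo_log"
```
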

Solution

So after a lot of reading, I found the solution. This pointed me in the right direction: https://serverfault.com/questions/55343/cant-get-ssh-public-key-authentication-to-work

The main issue was that I didn't know what I was doing. So anyway if someone is interested in the solution I came up with:

  • Somehow Capistrano always uses an admin user, besides the one you set up, so I created one. You can go ahead and follow these steps: http://aws.amazon.com/articles/1233
  • I created my own set of pub/private keys using ssh-keygen -b 1024 -f ec2admin -t dsa
  • I copied the ec2admin.pub file to /home/admin/.ssh in the server, by using scp
  • I appended the pub contents to the /home/admin/.ssh/authorized_keys file in the server
  • Then it really helped to read the sshd log at: /var/log/secure (YMMV)
  • And finally solved three faulty permissions at /home:

    chmod 700 /home/.ssh

    chmod 600 /home/.ssh/*

    chmod 755 /home/admin

And that did the trick. I can now log in without a password. Thanks for your help!
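
The permission step at the end of this answer, as an added example that is not part of the original answer: OpenSSH's sshd, with StrictModes at its default of yes, refuses publickey login when the home directory, .ssh or authorized_keys is writable by group or others. The function names and the throwaway directory standing in for /home/admin are assumptions; ownership, which sshd also checks, is not covered here.

```shell
#!/bin/sh
# Added example: report paths whose modes would make sshd reject key login.
# Assumption: the account's keys live in <home>/.ssh/authorized_keys.

# Print the permission bits of a path in octal (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_perms HOME_DIR
# Prints one "BAD ..." line per path that is missing or writable by group or
# others, and returns the number of such paths (0 = modes are acceptable).
audit_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "BAD missing $p"
            bad=$((bad + 1))
            continue
        fi
        m=$(mode_of "$p")
        # 022 = write bit for group plus write bit for others
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "BAD $m $p"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Apply the modes used in the answer above to one account's home directory.
fix_ssh_perms() {
    chmod 755 "$1"
    chmod 700 "$1/.ssh"
    chmod 600 "$1/.ssh"/*
}

# Constructed demo: a temporary directory standing in for /home/admin.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/admin/.ssh"
    : > "$d/admin/.ssh/authorized_keys"
    chmod 775 "$d/admin"
    chmod 777 "$d/admin/.ssh"
    chmod 664 "$d/admin/.ssh/authorized_keys"
    audit_ssh_perms "$d/admin" || echo "-> $? path(s) would block key login"
    fix_ssh_perms "$d/admin"
    audit_ssh_perms "$d/admin" && echo "-> permissions OK"
    rm -rf "$d"
}
demo
```

On a real server, run `audit_ssh_perms /home/admin` as root and compare the result with the rejection messages in /var/log/secure.
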
