cap uses admin instead of ec2-user

Question

I'm trying to do a "cap ec2onrails:setup" for my ROR website to an EC2 instance (Amazon image) but authentication keeps asking me for a password no matter what I do. I've tried almost anything I've read in this and/or other forums:

  • copy public key from ~/.ssh to ec2-user@_.sa-east-1.compute.amazonaws.com:/home/ec2-user/.ssh/authorized_keys2 (or authorized_keys)
  • generate private key using Amazon Management Console and then copying the public key from the server to my machine
  • adding any of these keys using ssh-add -l
  • generating new keys using ssh-keychain
  • using the public/private set of keys already in my machine (id_rsa & id_rsa.pub)
  • naming the keys following the above ^^ convention
  • chmod 400 for the keys in ~/.ssh
  • moving the keys to ~/.ec2
  • setting environment vars like stated here

Notes:

  • Connecting to the server using ssh and the AWS .pem key works just fine
  • It doesn't matter how I set the "keys" value in "ssh_options", Capistrano always seems to ignore it. However, it doesn't ignore the keys listed in ssh-add -l

Here's how I try to set the key path

set :ssh_options, {:keys => ["/Users/dalef/.ssh/pk"]}

Here's the output code from my latest test, using verbose output

Damians-MacBook-Pro:test dalef$ cap ec2onrails:setup
[Deprecation Warning] This API has changed, please hook `deploy:create_symlink` instead of `deploy:symlink`.
  * 2013-03-20 20:10:52 executing `ec2onrails:setup'
  * 2013-03-20 20:10:52 executing `ec2onrails:server:update_hostname'
  * executing "sudo -p 'sudo password: ' /usr/local/ec2onrails/bin/update_hostname"
    servers: ["___.sa-east-1.compute.amazonaws.com"]
D, [2013-03-20T20:10:52.471872 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: establishing connection to ___.sa-east-1.compute.amazonaws.com:22
D, [2013-03-20T20:10:52.539934 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: connection established
I, [2013-03-20T20:10:52.540236 #2647]  INFO -- net.ssh.transport.server_version[3fe825c45728]: negotiating protocol version
D, [2013-03-20T20:10:52.591866 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: remote is `SSH-2.0-OpenSSH_5.3'
D, [2013-03-20T20:10:52.591965 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: local is `SSH-2.0-Ruby/Net::SSH_2.6.6 x86_64-darwin12.2.0'
D, [2013-03-20T20:10:52.635419 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 784 bytes
D, [2013-03-20T20:10:52.635555 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 0 type 20 len 780
I, [2013-03-20T20:10:52.635654 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: got KEXINIT from server
I, [2013-03-20T20:10:52.635844 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: sending KEXINIT
D, [2013-03-20T20:10:52.636042 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 0 type 20 len 1620
D, [2013-03-20T20:10:52.636141 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 1624 bytes
I, [2013-03-20T20:10:52.636196 #2647]  INFO -- net.ssh.transport.algorithms[3fe825c484dc]: negotiating algorithms
D, [2013-03-20T20:10:52.636319 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client: 
* language_server: 
D, [2013-03-20T20:10:52.636373 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: exchanging keys
D, [2013-03-20T20:10:52.636563 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 1 type 34 len 20
D, [2013-03-20T20:10:52.636613 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.738438 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 152 bytes
D, [2013-03-20T20:10:52.738637 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 1 type 31 len 148
D, [2013-03-20T20:10:52.744324 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 2 type 32 len 140
D, [2013-03-20T20:10:52.744468 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 144 bytes
D, [2013-03-20T20:10:52.790733 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 720 bytes
D, [2013-03-20T20:10:52.790938 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 2 type 33 len 700
D, [2013-03-20T20:10:52.795329 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 3 type 21 len 20
D, [2013-03-20T20:10:52.795447 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes
D, [2013-03-20T20:10:52.795542 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 3 type 21 len 12
D, [2013-03-20T20:10:52.795871 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: beginning authentication of `admin'
D, [2013-03-20T20:10:52.796008 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 4 type 5 len 28
D, [2013-03-20T20:10:52.796071 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 52 bytes
D, [2013-03-20T20:10:52.944233 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.944626 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 4 type 6 len 28
D, [2013-03-20T20:10:52.945125 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: trying publickey
D, [2013-03-20T20:10:52.945906 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: connecting to ssh-agent
D, [2013-03-20T20:10:52.946221 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 1 len 51
D, [2013-03-20T20:10:52.946460 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 2 len 5
D, [2013-03-20T20:10:52.946578 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 11 len 0
D, [2013-03-20T20:10:52.946859 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 12 len 294
D, [2013-03-20T20:10:52.947478 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c)
D, [2013-03-20T20:10:52.947821 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 5 type 50 len 348
D, [2013-03-20T20:10:52.947994 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:52.993286 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:52.993497 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 5 type 51 len 28
D, [2013-03-20T20:10:52.993717 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
D, [2013-03-20T20:10:52.993904 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2)
D, [2013-03-20T20:10:52.994095 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 6 type 50 len 348
D, [2013-03-20T20:10:52.994202 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes
D, [2013-03-20T20:10:53.035308 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes
D, [2013-03-20T20:10:53.035556 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 6 type 51 len 28
D, [2013-03-20T20:10:53.035693 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey
E, [2013-03-20T20:10:53.035782 #2647] ERROR -- net.ssh.authentication.session[3fe826273f28]: all authorization methods failed (tried publickey)
Password:

Here's my list of keys for this latest test (just the one I retrieved from the server)

Damians-MacBook-Pro:test dalef$ ssh-add -l
2048 b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c pk (RSA)

Is there anything I'm missing? I'm this close to trying password based authentication.

Thanks!

Update

Still trying alternatives. I've also made sure I'm using the right key by comparing against AWS key fingerprint & authorized_keys

From Amazon:
dalef 90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14

Damians-MacBook-Pro:.ssh dalef$ ec2-fingerprint-key dalef
90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14
Damians-MacBook-Pro:.ssh dalef$ ssh-add dalef
Identity added: dalef (dalef)
Damians-MacBook-Pro:.ssh dalef$ ssh-add -l
2048 40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2 id_rsa (RSA)
2048 e6:02:1a:a4:2a:f9:63:4a:b7:de:66:60:f2:fa:0c:b4 dalef (RSA)


[ec2-user@___ .ssh]$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcfgMIAbEfNAiSgi4zXsObR1zGPHzVbff2suB/J2rLVgr5XNfLhf+kTRzTij0IWsutYj45j/eI87xC912WYtNG2An8262JwqRJZfwbnfDHMjwPQRwlDNjgGWRZwl8x9HO1V7EmBCaEEpeXg0ogbdhM386f/TTdWdUOofSqTEjuN2Nk73OHirPAj7MuWSGwGAwKCS4In2KbGAP/hk0c/PsCx52J+zjp2lteEaA9qWIovQggRw73dAqV++czMwCx2+7GMGxGx21fgSH4cYZ7Q6XxAxBkmsO7yoKZHUFj5QobSJ1TVh7N/61bFInt6Ua6btTXC7jwaATzkOBkv/rwLgtN **dalef**

Still asks for password.

Update: Something must be really wrong with my setup. I tried allowing password connections, but that doesn't work either. Do I need to start thinking of a Capistrano alternative?

Here's the log

[ec2-user@___ ~]$ sudo vi /etc/ssh/sshd_config 
PasswordAuthentication yes
[ec2-user@___ ~]$ sudo passwd ec2-user
Changing password for user ec2-user.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[ec2-user@___ ~]$ exit
...
E, [2013-03-21T00:31:02.582111 #3739] ERROR -- net.ssh.authentication.session[3fd0f6e21178]: all authorization methods failed (tried password)
connection failed for: admin@___.sa-east-1.compute.amazonaws.com (Net::SSH::AuthenticationFailed: admin)

From these logs what I assume is that Capistrano is trying to login as admin. How can I change that to ec2-user? (I've tried set :user, "ec2-user" in deploy.rb)

Recommended answer

So after a lot of reading, I found the solution. This pointed me in the right direction: http://serverfault.com/questions/55343/cant-get-ssh-public-key-authentication-to-work

The main issue was that I didn't know what I was doing. So anyway if someone is interested in the solution I came up with:

  • Somehow Capistrano always uses an admin user, besides the one you set up, so I created one. You can go ahead and follow these steps: http://aws.amazon.com/articles/1233
  • I created my own set of pub/private keys using ssh-keygen -b 1024 -f ec2admin -t dsa
  • I copied the ec2admin.pub file to /home/admin/.ssh in the server, by using scp
  • I appended the pub contents to the /home/admin/.ssh/authorized_keys file in the server
  • Then it really helped to read the sshd log at: /var/log/secure (YMMV)
  • And finally solved three faulty permissions at /home:

chmod 700 /home/.ssh

chmod 600 /home/.ssh/*

chmod 755 /home/admin

And that did the trick. I can now login without a password. Thanks for your help!
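
The permission fix described in the answer above, as an added example that is not part of the original answer: a POSIX shell check of the three modes the answer corrected. With StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the home directory, .ssh or the key file is group- or other-writable; the 700/600 values checked here are the answer's, which are stricter. The function names and the throwaway demo directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original answer): flag the modes that make sshd,
# with StrictModes on, ignore an account's authorized_keys.

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_mode PATH MASK WHY: print a finding when any bit in MASK is set.
# Paths that do not exist are skipped.
check_mode() {
  m=$(mode_of "$1") || return 0
  if [ $(( 0$m & $2 )) -ne 0 ]; then
    echo "BAD $1 (mode $m): $3"
    return 1
  fi
  return 0
}

# audit_ssh_perms HOME_DIR: returns 0 when clean, 1 when anything was flagged.
audit_ssh_perms() {
  rc=0
  check_mode "$1" 022 "home directory is group/other writable" || rc=1
  check_mode "$1/.ssh" 077 "should be 700" || rc=1
  for f in "$1"/.ssh/*; do
    [ -f "$f" ] || continue
    check_mode "$f" 077 "should be 600" || rc=1
  done
  return $rc
}

# Constructed demo: a throwaway directory standing in for /home/admin.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"; chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "fix the modes above, then retry the login"
chmod 755 "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" && echo "modes OK"
rm -rf "$demo"
```

On a real host, run `audit_ssh_perms /home/admin` as root or as the account owner. Ownership is not checked here, and sshd also refuses files owned by another non-root user.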
