为什么SSH需要密码短语来处理密码短语？ [英] Why does SSH need a passphrase for a passphrase-less key?

问题描述

我有一个不使用密码的SSH密钥。我希望在构建Docker容器时使用该键来获取私有git存储库。

I have a SSH Key that uses no passphrase. I want to use that key to pull a private git repository when building a Docker container.

我成功地在构建时将密钥放入容器，但现在SSH失败因为它无法打开/ dev / tty来请求密钥的密码。

I successfully managed to get the key into the container at build time but now SSH fails because it can't open /dev/tty to ask for the key's passphrase. The key doesn't have one, as mentioned.

以下是一些SSH输出（-v）

Here's some of the SSH output (-v)

debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_load_private_type: incorrect passphrase supplied to decrypt private key
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey).
fatal: Could not read from remote repository.

推荐答案

您的密钥文件可能以某种方式损坏。 ssh（至少有一些版本）会在任何时候提示输入密码，以至于无法理解密钥文件：

Your key file might be corrupt in some way. ssh (at least some versions) will prompt for a passphrase any time it can't make sense of the key file:

$ dd if=/dev/urandom of=key bs=1500 count=1
1+0 records in
1+0 records out
1500 bytes transferred in 0.000190 secs (7893922 bytes/sec)
$ chmod 600 key
$ ssh -i key foo@localhost
Enter passphrase for key 'key':

这篇关于为什么SSH需要密码短语来处理密码短语？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！