服务器批量登入不了
Closed this issue · 18 comments
帮忙介绍下原理。已经配置服务器。
- JSch不支持高版本openssl生成的密钥对,建议降低版本试下
- 服务器账户中是否配置了凭据(建议使用密钥对 id_rsa+id_rsa.pub)
- opscloud需要与目标服务器通信(默认22端口)
我用的是aws的ssh服务。
- JSch不支持高版本openssl生成的密钥对,建议降低版本试下
使用OpenSSL 1.0.2k-fips 26 Jan 2017 - 服务器账户中是否配置了凭据(建议使用密钥对 id_rsa+id_rsa.pub)
已配置普通用户centos密钥对 - opscloud需要与目标服务器通信(默认22端口)
服务器22端口开着的
还有个问题怎样查看ssh server是正常的,如何在opscloud部署的服务器上面登入?
JSch不支持Ed25519,rsa密钥长度不能超过2048
你只需要用低版本的openssl生成密钥对即可,不需要降低EC2服务器的openssl版本
看下在最新JSch是支持的。我们已经是最新版本了。
JSch在2018年以后就没有更新了,远程登录后看下opscloud日志,把异常堆栈日志贴给我
2022-01-13 17:04:23.033 INFO 26291 --- [pool-2-thread-2] c.b.o.t.processor.impl.LoginProcessor : 初始化serverNode: instanceId = 172.29.137.99-default-2
2022-01-13 17:04:23.102 INFO 26291 --- [pool-2-thread-2] c.b.o.s.handler.RemoteInvokeHandler : com.jcraft.jsch.JSchException: Auth fail
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at com.baiyi.opscloud.sshcore.util.SessionConfigUtil.setDefault(SessionConfigUtil.java:26)
at com.baiyi.opscloud.sshcore.handler.RemoteInvokeHandler.openWebTerminal(RemoteInvokeHandler.java:85)
at com.baiyi.opscloud.terminal.processor.impl.LoginProcessor.lambda$process$0(LoginProcessor.java:49)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2022-01-13 17:04:37.481 INFO 26291 --- [scheduling-1] c.b.o.aspect.I
OpenSSL 1.0.2k-fips 26 Jan 2017 生成的密钥对你可以试下
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1IXYSgd7tDoGccwg10JEVuV8u/48rsZkc+6k5aAeFTxbm8YM
CzgMdJG5+Y8qzlCiCJVwz+aaZeS8i7qx0GvWOcyq9are4uf+bSbP88KDWvflxLUp
zaB2Cbi1HcBlQJ+fRBvYBF95eWezAN8VQcOAqw6Xb+E+EuhvioN7qpsvY0Gpxt1z
U/O/rZ3nLgzCKgH35w77LUkHHEFRE9z5ZfLu84Pv5tO59JL8/XjEwxmGvgbstxCL
ISZ3qm1irm1R9nBAUDOLcb12lxUtH6h3wlaDB5R+wMmpOfnpXDHvIssNODdZgGzX
W2+tybZKr7HibNNfv0fRNG0iBb2yOKVG9h4P8wIDAQABAoIBAA3RSfe+Ns/H+gVK
FVSJjXHs58g9RmrCoWNcP8JiP7J3wykEnmHYWg72LpZINatGWNKgDL6nqqA3V/7p
u4fmiv4lDXR9kJJGLSehn2Gk4u92MK0ybi5dYW9OYBA4Ix0pg6xk9w2Ju5cmI+BJ
oNMux93XTAdNKMEH9cCWveKgxlr4mpsL7QKuxTe7RjxuEeSaWifFhtcjrfxOtkKA
cqkQm26ZOVAPbx0LJnLFyHqsibhrnqn11Rx/YXqMDUbNBET8zPSbWYKpIajAQxas
v763/tCw69JQSJe1mM5FBoc+riyLGtD+7A1o4vk4U52WhwycByOPq1GGj/vxH3t8
Orf3VNECgYEA8wAWLvw1U8ibj4/F9jjowBzGy8lqOlAifVtCB1x3rtMczyUrZeMX
LKx2Vc2dXaptnnIrZG7TwWzvxmRm/1pIdc5M465NmYid2biN3uFsYHB6W6svX5Ba
+4LrgtAFPpoLtQXCYjTYAsNeTnqFU4HIpOmJ8d+Lu5MZwQKYh6B4NekCgYEA3+Rd
pKyW9Hxhc1UzfduTQSe5o5rAgyPqSIDeZ8M7anhwvv1U/L5goMxHgpPas82lQa12
1yGPsb0RejuWgo2sB7RKI/KfAcW21vs12SLHE5bRSh9E64SZq9Q9EBWotAyUlI1O
aZhyhAbOaY7dVbbEkl2nWYWsI4x34NU37rnMQXsCgYEA1MYppoCOjUtl8yHYHE4e
d0F7TKuTiXXrjUpgGaP85CbU3gjU5EUhYKuuflkpRv/ZNlkP58QnRQIHPfdiPIuo
UQcQSniwWBTI6wBvsU4/oH48lZHiTFJRaFNttsBBJ1ypjZt6ZpWQ43KAXEVqAwHs
V4JqmFC+wMMAVQHZ30BCoikCgYEA06wL/IxPi4WsfGWo8OyPI6JzGAJOz6086p8r
pd4mZlrH/Ul0+B7lLCD12rX+ps9d1eIx4OKR//BIfc+oVHWslvwUvDe9rOdIHagT
GN6QaCzGYdV+S0xqHNHjiTlw7giW0HtoDt1aJwhoTdQL3eWVout4NGL0hAdhrubm
ooR2X9ECgYAp4ZnZ1yAqrJG1GOLHCohXM8VYrPDQLsk/6X4VEsTr8tBi+ZKObOBz
peCoEglNLgP9wa5dQ64/u0czXWZDyD/AL7jg3u5r2Yz6db4vE6IlRowtxADYKSED
+wOQ+TU5XVVF+dlVt7VySNg+8ZoTiwzOkJUDkRmeigY/TboVBzeiYQ==
-----END RSA PRIVATE KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUhdhKB3u0OgZxzCDXQkRW5Xy7/jyuxmRz7qTloB4VPFubxgwLOAx0kbn5jyrOUKIIlXDP5ppl5LyLurHQa9Y5zKr1qt7i5/5tJs/zwoNa9+XEtSnNoHYJuLUdwGVAn59EG9gEX3l5Z7MA3xVBw4CrDpdv4T4S6G+Kg3uqmy9jQanG3XNT87+tnecuDMIqAffnDvstSQccQVET3Pll8u7zg+/m07n0kvz9eMTDGYa+Buy3EIshJneqbWKubVH2cEBQM4txvXaXFS0fqHfCVoMHlH7Ayak5+elcMe8iyw04N1mAbNdbb63JtkqvseJs01+/R9E0bSIFvbI4pUb2Hg/z baiyi-test
把私钥格式转换一下即可使用
ssh-keygen -p -f id_rsa -m pem
OpenSSL 1.0.2k-fips 26 Jan 2017 生成的密钥对你可以试下
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA1IXYSgd7tDoGccwg10JEVuV8u/48rsZkc+6k5aAeFTxbm8YM CzgMdJG5+Y8qzlCiCJVwz+aaZeS8i7qx0GvWOcyq9are4uf+bSbP88KDWvflxLUp zaB2Cbi1HcBlQJ+fRBvYBF95eWezAN8VQcOAqw6Xb+E+EuhvioN7qpsvY0Gpxt1z U/O/rZ3nLgzCKgH35w77LUkHHEFRE9z5ZfLu84Pv5tO59JL8/XjEwxmGvgbstxCL ISZ3qm1irm1R9nBAUDOLcb12lxUtH6h3wlaDB5R+wMmpOfnpXDHvIssNODdZgGzX W2+tybZKr7HibNNfv0fRNG0iBb2yOKVG9h4P8wIDAQABAoIBAA3RSfe+Ns/H+gVK FVSJjXHs58g9RmrCoWNcP8JiP7J3wykEnmHYWg72LpZINatGWNKgDL6nqqA3V/7p u4fmiv4lDXR9kJJGLSehn2Gk4u92MK0ybi5dYW9OYBA4Ix0pg6xk9w2Ju5cmI+BJ oNMux93XTAdNKMEH9cCWveKgxlr4mpsL7QKuxTe7RjxuEeSaWifFhtcjrfxOtkKA cqkQm26ZOVAPbx0LJnLFyHqsibhrnqn11Rx/YXqMDUbNBET8zPSbWYKpIajAQxas v763/tCw69JQSJe1mM5FBoc+riyLGtD+7A1o4vk4U52WhwycByOPq1GGj/vxH3t8 Orf3VNECgYEA8wAWLvw1U8ibj4/F9jjowBzGy8lqOlAifVtCB1x3rtMczyUrZeMX LKx2Vc2dXaptnnIrZG7TwWzvxmRm/1pIdc5M465NmYid2biN3uFsYHB6W6svX5Ba +4LrgtAFPpoLtQXCYjTYAsNeTnqFU4HIpOmJ8d+Lu5MZwQKYh6B4NekCgYEA3+Rd pKyW9Hxhc1UzfduTQSe5o5rAgyPqSIDeZ8M7anhwvv1U/L5goMxHgpPas82lQa12 1yGPsb0RejuWgo2sB7RKI/KfAcW21vs12SLHE5bRSh9E64SZq9Q9EBWotAyUlI1O aZhyhAbOaY7dVbbEkl2nWYWsI4x34NU37rnMQXsCgYEA1MYppoCOjUtl8yHYHE4e d0F7TKuTiXXrjUpgGaP85CbU3gjU5EUhYKuuflkpRv/ZNlkP58QnRQIHPfdiPIuo UQcQSniwWBTI6wBvsU4/oH48lZHiTFJRaFNttsBBJ1ypjZt6ZpWQ43KAXEVqAwHs V4JqmFC+wMMAVQHZ30BCoikCgYEA06wL/IxPi4WsfGWo8OyPI6JzGAJOz6086p8r pd4mZlrH/Ul0+B7lLCD12rX+ps9d1eIx4OKR//BIfc+oVHWslvwUvDe9rOdIHagT GN6QaCzGYdV+S0xqHNHjiTlw7giW0HtoDt1aJwhoTdQL3eWVout4NGL0hAdhrubm ooR2X9ECgYAp4ZnZ1yAqrJG1GOLHCohXM8VYrPDQLsk/6X4VEsTr8tBi+ZKObOBz peCoEglNLgP9wa5dQ64/u0czXWZDyD/AL7jg3u5r2Yz6db4vE6IlRowtxADYKSED +wOQ+TU5XVVF+dlVt7VySNg+8ZoTiwzOkJUDkRmeigY/TboVBzeiYQ== -----END RSA PRIVATE KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUhdhKB3u0OgZxzCDXQkRW5Xy7/jyuxmRz7qTloB4VPFubxgwLOAx0kbn5jyrOUKIIlXDP5ppl5LyLurHQa9Y5zKr1qt7i5/5tJs/zwoNa9+XEtSnNoHYJuLUdwGVAn59EG9gEX3l5Z7MA3xVBw4CrDpdv4T4S6G+Kg3uqmy9jQanG3XNT87+tnecuDMIqAffnDvstSQccQVET3Pll8u7zg+/m07n0kvz9eMTDGYa+Buy3EIshJneqbWKubVH2cEBQM4txvXaXFS0fqHfCVoMHlH7Ayak5+elcMe8iyw04N1mAbNdbb63JtkqvseJs01+/R9E0bSIFvbI4pUb2Hg/z baiyi-test
我用你这个密钥对也是登陆不了
新版本已经可以支持rsa4096bit和ed25519格式密钥
新版本已经可以支持rsa4096bit和ed25519格式密钥
我下载了最新的master分支代码,还是不行
JSch
新版本已经可以支持rsa4096bit和ed25519格式密钥
可以了,centos7版本的不行,我用8的机器可以
异常日志跟上面那位一样。谢谢作者大晚上的回复