
Locked out of Linux after using "gcloud compute os-login ssh-keys add"

Server Fault user
Asked 2019-03-04 14:41:21
Answers: 2, Views: 3.2K, Followers: 0, Votes: 0

Just like this guy, I started getting this error message when I tried to add SSH keys:

Supplied fingerprint does not match current metadata fingerprint

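when I try to add keys to

  • the specific VM instance details (using the web interface)
  • the shared metadata (using the web interface)

I also get Permission denied (publickey)., whether I log in as username@instance or username_mycomp_com@instance. Neither I nor any of my colleagues can log in using the web SSH login any more, which means we have been locked out of our own servers!

I can only attribute this to running the gcloud compute os-login ssh-keys add command, which seems to have a bigger effect than it says.

Other commands that might have affected this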

gcloud compute ssh

$ gcloud compute ssh dev-mycomp-no
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/carlerik/.ssh/google_compute_engine.
Your public key has been saved in /home/carlerik/.ssh/google_compute_engine.pub.
The key fingerprint is:
SHA256:cicl5t/5mDmIocrkDopK2C6Rf9OvT7FhKAh9GEMPFd8 carlerik@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
| .=.o.           |
| . * . .         |
|. o o . E .      |
| . o   + o       |
| .. . o S .      |
|+.   . +.B . .   |
|.+o .. .oo..o    |
|+o.=o o.. . .=   |
|=..o=o.+o   +..  |
+----[SHA256]-----+
No zone specified. Using zone [europe-west1-b] for instance: [dev-mycomp-no].
WARNING: Using OS Login user [carlerik_mycomp_com] instead of default user [carlerik]
Warning: Permanently added 'compute.7727415340568554709' (ECDSA) to the list of known hosts.
carlerik_mycomp_com@35.195.71.35: Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].

gcloud compute os-login ssh-keys add

gcloud compute os-login ssh-keys add --key-file ~/.ssh/id_rsa.pub  | stack-overflow 
    loginProfile:
      name: '111200762294302015941'
      posixAccounts:
      - accountId: charged-foo-162409
        gid: '438632669'
        homeDirectory: /home/myuser_mycomp_com
        operatingSystemType: LINUX
        primary: true
        uid: '438632669'
        username: myuser_mycomp_com
      sshPublicKeys:
        f7fd01c562d4edb7292eada91dfb2213ef2344f9db605eedc65ac08cea39327e:
          fingerprint: f7fd01c562d4edb7292eada91dfb2213ef2344f9db605eedc65ac08cea39327e
          key: |
            ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtB10ag2fipH7Cnls3gZvl5eBJx0OvQaLu7hndL5sif3m4CTGmrN/MuP0lei0Rt23cBy5Ey2DqAjmizCAhdc3jSQm0pXisKG92Juo2HxiJw+eMUucoPhjbEy35sKKrru2//5uPpK5IEeVEve3bIXCAQUQgyOESmHBgXmKSCz0jQXEvcV8GxxkdXK7/UQVSe5wtxzPHOoP+foobar+bjHXnQkiqk5oDeP3ewPorrvxbOeOcqk0b1qrAQYSXHqXv6lENfWIceIz1EsZlRsIV i9-mycomp

gcloud compute instances add-metadata the-instance --metadata enable-oslogin=TRUE

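Saw this in a guide. Assumed it would enable an additional way of logging in. In hindsight, I don't know what this was about.

Debugging information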

$ gcloud compute os-login describe-profile  
    name: '111200762294302015941'
    posixAccounts:
    - gid: '726506529'
      homeDirectory: /home/myuser_mycomp_com
      operatingSystemType: LINUX
      primary: true
      uid: '726506529'
      username: myuser_mycomp_com
    - accountId: foo-mission-162409
      gid: '438632669'
      homeDirectory: /home/myuser_mycomp_com
      operatingSystemType: LINUX
      primary: true
      uid: '438632669'
      username: myuser_mycomp_com
    sshPublicKeys:
      3573aef91758f9706a884bffc95502ea5f31bbfab7a33d58be8abd9a84f53808:
        fingerprint: 3573aef91758f9706a884bffc95502ea5f31bbfab7a33d58be8abd9a84f53808
        key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCaISFI0hCDMK5SIqIBlsboBQTBCoW98bvjUjoCDn9S4kXSOtVvwNeXc/Kb+9lXqKR8CbtYgOZySPqI+5VADdAIcfot2S65Fq5qOQ1IH7Uo29nzvhyjfRbckAs3gaTF6uzxEA0THqyAZ1oGIyK3vDI8W/Ofczi08oIYWpMmWA8dQNQuKRujloDuFElpjZEjbEyfkn/e7iSm1VxZ8aLEw7M3/BsJLmtwxa+tYyTAfKx63NRFbSWf873GLOyAKCnE5ls27ftlTjDJMISI3RZd1KMdyg+6KAwN7YsCTwJXarNXr9v2GcY8lrpC7dQ/lGK1nBsPa0kOSYKQzJ0LIDxfOan
          myuser@ubuntu

2 Answers

Server Fault user

Posted 2019-03-04 14:58:03

After disabling the OS Login feature, I was able to log in again:

gcloud compute instances add-metadata dev-diffia-no --metadata enable-oslogin=FALSE
Votes: 3

Server Fault user

Posted 2019-07-03 16:20:29

When enabling OS Login, I ran into a similar problem where my key was rejected by an old Debian instance.

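Symptoms:

  • Permission denied (publickey) error message on the command line, after the Using OS Login user message,
  • Received malformed response from server error messages from the nss_oslogin module in the logs.

The resolution was to update the following packages from the appropriate repository:

  • google-compute-engine
  • google-compute-engine-oslogin
  • python-google-compute-engine
  • python3-google-compute-engine

Before: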

# dpkg -l | grep google
ii  google-cloud-packages-archive-keyring 1.2-1                            all          Contains GPG signing key for Google Cloud Packages
ii  google-cloud-sdk                      253.0.0-0                        all          Utilities for the Google Cloud Platform
ii  google-compute-engine                 2.5.2-4                          all          google-compute-engine transitional package
ii  google-compute-engine-init-jessie     2.1.3-0.1503598199               amd64        Google Compute Engine Linux initialization scripts
ii  google-compute-engine-jessie          2.5.2-0.1502923259               all          Google Compute Engine
ii  google-compute-engine-oslogin         1.0.2-1+deb8                     amd64        Google Compute Engine OS Login
ii  google-config-jessie                  2.1.2-0.1484936429               amd64        Google Compute Engine Linux guest configuration

After:

# dpkg -l | grep google
ii  google-cloud-packages-archive-keyring 1.2-1                            all          Contains GPG signing key for Google Cloud Packages
ii  google-cloud-sdk                      253.0.0-0                        all          Utilities for the Google Cloud Platform
ii  google-compute-engine                 2.8.16-1                         all          Google Compute Engine guest environment.
ii  google-compute-engine-oslogin         1.4.3-1+deb8                     amd64        Google Compute Engine OS Login
rc  google-config-jessie                  2.1.2-0.1484936429               amd64        Google Compute Engine Linux guest configuration
ii  python-google-compute-engine          2.8.16-1                         all          Google Compute Engine python library for Python 2.x.
ii  python3-google-compute-engine         2.8.16-1                         all          Google Compute Engine python library for Python 3.x.

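To connect to this instance in order to perform the update, it was necessary to temporarily disable OS Login by setting enable-oslogin=FALSE in the instance's metadata, as described in @oligofren's answer.

Then make sure this is present in /etc/apt/sources.list.d/google-cloud.list (there may be other lines as well):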

deb http://packages.cloud.google.com/apt google-compute-engine-jessie-stable main

And perform the update:

# sudo apt install --reinstall google-compute-engine google-compute-engine-oslogin python-google-compute-engine python3-google-compute-engine

You can then re-enable OS Login for the instance.

Votes: 1
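
Added example, not part of either answer: a pre-flight check that compares `dpkg -l` output against the four guest packages the second answer lists, so an instance with stale OS Login packages is spotted before enable-oslogin is set back to TRUE. The baseline versions are taken from that answer's "After" listing and are an assumption, not an official minimum; the function names and sample rows are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the answer): pre-flight check of the guest packages
# the answer lists, run against `dpkg -l` text before re-enabling OS Login.

# Assumption: the baseline is the answer's "After" listing, which worked for
# that poster; it is not an official minimum version.
BASELINE='google-compute-engine 2.8.16-1
google-compute-engine-oslogin 1.4.3-1+deb8
python-google-compute-engine 2.8.16-1
python3-google-compute-engine 2.8.16-1'

# Constructed sample input: two rows from the answer's "Before" listing
# (whitespace condensed).
SAMPLE_BEFORE='ii  google-compute-engine          2.5.2-4       all    google-compute-engine transitional package
ii  google-compute-engine-oslogin  1.0.2-1+deb8  amd64  Google Compute Engine OS Login'

# version_ge A B: succeeds when A >= B. GNU `sort -V` approximates Debian
# ordering; on the instance, `dpkg --compare-versions A ge B` is exact.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_guest_packages LISTING: prints one verdict per baseline package and
# returns 1 if any package is absent, not fully installed, or older.
check_guest_packages() {
  cgp_rc=0
  while read -r cgp_name cgp_want; do
    cgp_row=$(printf '%s\n' "$1" | awk -v p="$cgp_name" '$2 == p { print $1, $3; exit }')
    cgp_state=${cgp_row%% *}
    cgp_have=${cgp_row#* }
    if [ "$cgp_state" != ii ]; then
      echo "NOT-INSTALLED $cgp_name (baseline $cgp_want)"; cgp_rc=1
    elif version_ge "$cgp_have" "$cgp_want"; then
      echo "OK $cgp_name $cgp_have"
    else
      echo "OUTDATED $cgp_name $cgp_have (baseline $cgp_want)"; cgp_rc=1
    fi
  done <<EOF
$BASELINE
EOF
  return "$cgp_rc"
}

# Stand-alone run against the sample; on a real instance pass "$(dpkg -l)".
check_guest_packages "$SAMPLE_BEFORE" || echo "guest packages need updating"
```
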

Original page content provided by Server Fault. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://serverfault.com/questions/956662
