windows – gcloud ssh throws potential security breach error

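Please note – this is platform specific. I tried this with

 >>> print sys.platform
 'darwin'

and the code had no problems. However, with

 >>> print sys.platform
 'win32'

I get this problem.

Also, I can WinSCP into the instance without any problem.


I am running the following gcloud ssh command: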

 gcloud compute ssh my-instance --zone=us-east1-b --command="sudo -S -i -u root -p '' echo 'git -C /root/git/v_a stash;git -C /root/git/v_a pull https://user:[email protected]/user/v_a.git;git -C /root/git/gcloud stash;git -C /root/git/gcloud pull https://user:[email protected]/user/gcloud.git;git -C /root/git/bt stash;git -C /root/git/bt pull https://user:[email protected]/user/bt.git;python /root/git/v_a/d_s_e.py --r-day=1 --rl=5;' > runner.sh " 

Until recently it worked, but now it is returning:

 WARNING - POTENTIAL SECURITY BREACH!
 The server's host key does not match the one PuTTY has cached in the registry.
 This means that either the server administrator has changed the host key, or you have actually connected to another computer pretending to be the server.
 The new rsa2 key fingerprint is:
 ssh-rsa blah
 If you were expecting this change and trust the new key, enter "y" to update PuTTY's cache and continue connecting.
 If you want to carry on connecting but without updating the cache, enter "n".
 If you want to abandon the connection completely, press Return to cancel.
 Pressing Return is the ONLY guaranteed safe choice.
 Update cached key? (y/n, Return cancels connection) stdin: is not a tty

As you can see in the command above, it just echoes a .sh file.

If I delete C:\Users\%USER%\.ssh and then re-run my gcloud ssh, I get:

 WARNING: The PuTTY PPK SSH key file for gcloud does not exist.
 WARNING: The public SSH key file for gcloud does not exist.
 WARNING: The private SSH key file for gcloud does not exist.
 WARNING: You do not have an SSH key for gcloud.
 WARNING: SSH keygen will be executed to generate a key.
 Updating project ssh metadata... .....................Updated [https://www.googleapis.com/compute/v1/projects/my-project]. done.
 Waiting for SSH key to propagate.
 WARNING - POTENTIAL SECURITY BREACH!
 The server's host key does not match the one PuTTY has cached in the registry.
 This means that either the server administrator has changed the host key, or you have actually connected to another computer pretending to be the server.
 The new rsa2 key fingerprint is:
 ssh-rsa foo
 If you were expecting this change and trust the new key, enter "y" to update PuTTY's cache and continue connecting.
 If you want to carry on connecting but without updating the cache, enter "n".
 If you want to abandon the connection completely, press Return to cancel.
 Pressing Return is the ONLY guaranteed safe choice.
 Update cached key? (y/n, Return cancels connection) stdin: is not a tty

Why am I getting this error message? I only started receiving it recently.

How can I avoid receiving this error message? Is there a flag I can pass to my gcloud ssh command to programmatically update this cached key?

Thanks!


Edit in reply to Navi:

On my gcloud instance, I have the following path:

 /home/%USER%/.ssh 

Locally, on my PC, I ran:

 C:\>gcloud compute copy-files instance-va-20170826113548099000-l5-r1:/home/%USER%/.ssh C:/temp/ --zone us-east1-b 

Also, locally I have the following path:

 C:\Users\%USER%\.ssh 

which has the following ls -l:

 $ ls -l
 total 97
 -rw-r--r-- 1 username 197121  1679 Apr  9 20:55 _google_compute_engine
 -rw-r--r-- 1 username 197121  1454 Apr  9 20:56 _google_compute_engine.ppk
 -rw-r--r-- 1 username 197121   422 Apr  9 20:55 _google_compute_engine.pub
 -rw-r--r-- 1 username 197121 63368 Jul  7  2016 _known_hosts
 -rw-r--r-- 1 username 197121   398 Jun 27  2016 _known_hosts.txt
 -rw-r--r-- 1 username 197121  1675 May 12  2015 github_rsa
 -rw-r--r-- 1 username 197121   408 May 12  2015 github_rsa.pub
 -rw-r--r-- 1 username 197121  1679 Aug  5 17:41 google_compute_engine
 -rw-r--r-- 1 username 197121  1454 Aug  5 17:41 google_compute_engine.ppk
 -rw-r--r-- 1 username 197121  1454 Aug  5 13:21 google_compute_engine.ppk_
 -rw-r--r-- 1 username 197121   422 Aug  5 17:41 google_compute_engine.pub
 -rw-r--r-- 1 username 197121   422 Aug  5 13:21 google_compute_engine.pub_
 -rw-r--r-- 1 username 197121  1679 Aug  5 13:21 google_compute_engine_

While experimenting to solve this problem, I renamed the older files with an underscore (this should not affect the problem, only the files).

Now, in the SSH keys in the metadata, I have the following: (screenshot)

In my C:\temp\.ssh\authorized_keys I have the following (truncated so as not to disclose my keys):

 # Added by Google
 ssh-rsa AAAAB3NzaC CookieMunster\jasonm@CookieMunster

And my local C:\Users\%USER%\.ssh\google_compute_engine.ppk has:

 PuTTY-User-Key-File-2: ssh-rsa
 Encryption: none
 Comment: CookieMunster\jasonm@CookieMunster
 Public-Lines: 6
 AAAAB3NzaC
 Private-Lines: 14
 AAABA
 Private-MAC: bd4

I compared the full strings in Notepad++ and they are identical, except that the google_compute_engine.ppk file does not contain the computer name at the end, but in the comment instead.

So Navi, I don't think they differ.


My systeminfo command yields:

 Host Name: PCNAME
 OS Name: Microsoft Windows 8.1
 OS Version: 6.3.9600 N/A Build 9600
 OS Manufacturer: Microsoft Corporation
 OS Configuration: Standalone Workstation
 OS Build Type: Multiprocessor Free
 Registered Owner: user
 Registered Organization:
 Product ID: 00258-61265-96725-AAOEM
 Original Install Date: 5/31/2014, 12:56:22 PM
 System Boot Time: 9/1/2017, 12:32:41 AM
 System Manufacturer: Acer
 System Model: Aspire XC-603
 System Type: x64-based PC
 Processor(s): 1 Processor(s) Installed.
   [01]: Intel64 Family 6 Model 55 Stepping 3 GenuineIntel ~2408 Mhz
 BIOS Version: American Megatrends Inc. P11-A2, 1/23/2014
 Windows Directory: C:\Windows
 System Directory: C:\Windows\system32
 Boot Device: \Device\HarddiskVolume2
 System Locale: en-us;English (United States)
 Input Locale: N/A
 Time Zone: (UTC-05:00) Eastern Time (US & Canada)
 Total Physical Memory: 3,985 MB
 Available Physical Memory: 734 MB
 Virtual Memory: Max Size: 8,128 MB
 Virtual Memory: Available: 2,523 MB
 Virtual Memory: In Use: 5,605 MB
 Page File Location(s): C:\pagefile.sys
 Domain: WORKGROUP
 Logon Server: \\PCNAME
 Hotfix(s): 117 Hotfix(s) Installed.
 Network Card(s): 2 NIC(s) Installed.
   [01]: Realtek PCIe GBE Family Controller
     Connection Name: Ethernet
     DHCP Enabled: Yes
     DHCP Server: 000.000.1.1
     IP address(es)
     [01]: 000.000.0.155
     [02]: ffff::ffff:ffff:ffff:ffff
   [02]: TAP-Windows Adapter V9
     Connection Name: Ethernet 2
     Status: Media disconnected
 Hyper-V Requirements: VM Monitor Mode Extensions: Yes
   Virtualization Enabled In Firmware: Yes
   Second Level Address Translation: Yes
   Data Execution Prevention Available: Yes

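I tried to replicate this on MS Server 2012 R2 using the "Google Cloud SDK Shell", but did not receive the warning message. The most likely cause is that the RSA fingerprint on the GCE server has changed, but the client computer still has the previous RSA fingerprint stored.

Verify that the keys in the files under the C:\Users\%USER%\.ssh directory on the client computer match the GCE instance user's SSH keys in the files under the /path-to-home-directory/.ssh directory. Also, verify the project-wide SSH keys under Cloud Console > Compute Engine > Metadata > "SSH Keys" tab, to check that an available key matches the key stored under the C:\Users\%USER%\.ssh directory on the client machine.

Even if you select "yes" to update the cached key on the client computer?

Edit: screenshot attached.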
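
The key comparison described above (authorized_keys entry against the Public-Lines of a .ppk file), as an added example that is not part of the original posts: it decodes the public key blob from both formats, compares the blobs while ignoring the comment, and derives the MD5 colon-hex and SHA256 fingerprints. The key material is constructed sample data (not a real key), and all function and variable names are illustrative.

```python
import base64
import hashlib
import struct

def ssh_field(data):
    """Length-prefix one field as in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def mpint(n):
    """Positive integer as an SSH mpint; the extra byte keeps the sign bit clear."""
    return ssh_field(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def blob_from_openssh(line):
    """Key blob from an authorized_keys/.pub line: '<type> <base64> [comment]'."""
    return base64.b64decode(line.split()[1], validate=True)

def blob_from_ppk(text):
    """Key blob from a PPK file: the N base64 lines after 'Public-Lines: N'."""
    lines = [row.strip() for row in text.splitlines()]
    for i, row in enumerate(lines):
        if row.startswith("Public-Lines:"):
            count = int(row.split(":", 1)[1])
            return base64.b64decode("".join(lines[i + 1:i + 1 + count]), validate=True)
    raise ValueError("no Public-Lines header found")

def describe(blob):
    """Return (key type, MD5 colon-hex fingerprint, SHA256 fingerprint) of a blob."""
    (tlen,) = struct.unpack_from(">I", blob, 0)
    if 4 + tlen > len(blob):
        raise ValueError("truncated key blob")
    ktype = blob[4:4 + tlen].decode("ascii")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ktype, md5, "SHA256:" + sha

def same_key(openssh_line, ppk_text):
    """True when both files carry the same public key, whatever their comments say."""
    return blob_from_openssh(openssh_line) == blob_from_ppk(ppk_text)

# Constructed sample material (not a real key): e = 65537 and an arbitrary modulus.
_N = int.from_bytes(hashlib.sha256(b"constructed").digest() * 8, "big") | (1 << 2047)
SAMPLE_BLOB = ssh_field(b"ssh-rsa") + mpint(65537) + mpint(_N)
_B64 = base64.b64encode(SAMPLE_BLOB).decode()
_ROWS = [_B64[i:i + 64] for i in range(0, len(_B64), 64)]
SAMPLE_PUB = "ssh-rsa " + _B64 + " PCNAME\\user@PCNAME"
SAMPLE_PPK = ("PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: PCNAME\\user@PCNAME\n"
              "Public-Lines: %d\n%s\n" % (len(_ROWS), "\n".join(_ROWS)))

if __name__ == "__main__":
    print("match:", same_key(SAMPLE_PUB, SAMPLE_PPK))
    print(*describe(blob_from_ppk(SAMPLE_PPK)))
```

The same `describe()` applied to a server's public host key, obtained over a channel other than the SSH connection itself, gives a value to compare with the fingerprint in the host-key prompt before answering "y".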