如果 运行 带有子进程,则 ssh 主机密钥验证失败
ssh host key verification failed if run with subprocess
我有两台电脑运行 Linuxa@A和b@B,麦克风连接到B。
使用 A,我登录到 b@B 以启动一个 python 脚本,该脚本可以实时收听麦克风。
这是我的代码:
#!/usr/bin/env python
# -*-coding:Latin-1 -*
import threading
import time
import pygame
import sys
import subprocess
import os
import signal
global listenProcess
global listenProcess2
listenProcess = subprocess.Popen('arecord -D plughw:1,0 -f dat'.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
listenProcess2 = subprocess.Popen('ssh -C a@A aplay -f dat'.split(), stdin=listenProcess.stdout, stderr=subprocess.PIPE)
如果我启动命令:
arecord -D plughw:1,0 -f dat | ssh -C a@A aplay -f dat
它工作得很好,我可以听到麦克风录制的内容。但如果它来自我的 python 脚本,则会引发以下错误:
Host key verification failed
我已经尝试 "clean" 出现错误时建议的 known_hosts 文件。
我也尝试过 paramiko,但似乎不是我的解决方案。
我 运行 没主意了。
谢谢
编辑:
运行 arecord -D plughw:1,0 -f dat | ssh -v -C bertrand@192.168.1.33 aplay -f dat
显示:
pi@raspberrypi ~/Documents $ arecord -D plughw:1,0 -f dat | ssh -v -C bertrand@192.168.1.33 aplay -f dat
Recording WAVE 'stdin' : Signed 16 bit Little Endian, Rate 48000 Hz, Stereo
OpenSSH_6.7p1 Raspbian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.33 [192.168.1.33] port 22.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9p1 Ubuntu-2ubuntu0.1
debug1: match: OpenSSH_6.9p1 Ubuntu-2ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com zlib@openssh.com
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com zlib@openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e1:fc:46:c9:5f:66:f8:d5:8f:13:27:cb:2d:a5:7b:17
debug1: Host '192.168.1.33' is known and matches the ECDSA host key.
debug1: Found key in /home/pi/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/pi/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.33 ([192.168.1.33]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LC_PAPER = fr_FR.UTF-8
debug1: Sending env LC_ADDRESS = fr_FR.UTF-8
debug1: Sending env LC_MONETARY = fr_FR.UTF-8
debug1: Sending env LC_NUMERIC = fr_FR.UTF-8
debug1: Sending env LC_TELEPHONE = fr_FR.UTF-8
debug1: Sending env LC_IDENTIFICATION = fr_FR.UTF-8
debug1: Sending env LANG = en_GB.UTF-8
debug1: Sending env LC_MEASUREMENT = fr_FR.UTF-8
debug1: Sending env LC_TIME = fr_FR.UTF-8
debug1: Sending env LC_NAME = fr_FR.UTF-8
debug1: Sending command: aplay -f dat
Playing WAVE 'stdin' : Signed 16 bit Little Endian, Rate 48000 Hz, Stereo
因为它是在命令行中启动的,所以它正在运行。
编辑:
好的,我想我可能找到了原因:由于我的整个 python 脚本在我的远程 pc 上使用 pygame 启动全屏显示,我需要使用 sudo 启动脚本。因此,我认为当它使用子进程启动 ssh 时,它也在尝试在计算机 A 上以 sudo 身份连接。我认为这是因为我的代码的简单版本正在运行,但如果我以 sudo 身份启动它,它会要求我密码。问题是,我仍然需要以 sudo 身份启动脚本。
警告:
该解决方案可能并不适合所有人,因为它并不完全安全,但对于我的特殊问题,即我的 2 台计算机在没有互联网连接的情况下直接连接,风险不高。
解法:
在服务器上,我这样做了:
sudo su - root # log in as root
ssh-keygen -t rsa # generate a rsa key
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' # add the key to the other computer
service ssh restart # restart ssh just in case
这样就可以了。感谢您的帮助。
我有两台电脑运行 Linuxa@A和b@B,麦克风连接到B。 使用 A,我登录到 b@B 以启动一个 python 脚本,该脚本可以实时收听麦克风。
这是我的代码:
#!/usr/bin/env python
# -*-coding:Latin-1 -*
import threading
import time
import pygame
import sys
import subprocess
import os
import signal
global listenProcess
global listenProcess2
listenProcess = subprocess.Popen('arecord -D plughw:1,0 -f dat'.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
listenProcess2 = subprocess.Popen('ssh -C a@A aplay -f dat'.split(), stdin=listenProcess.stdout, stderr=subprocess.PIPE)
如果我启动命令:
arecord -D plughw:1,0 -f dat | ssh -C a@A aplay -f dat
它工作得很好,我可以听到麦克风录制的内容。但如果它来自我的 python 脚本,则会引发以下错误:
Host key verification failed
我已经尝试 "clean" 出现错误时建议的 known_hosts 文件。 我也尝试过 paramiko,但似乎不是我的解决方案。
我 运行 没主意了。
谢谢
编辑:
运行 arecord -D plughw:1,0 -f dat | ssh -v -C bertrand@192.168.1.33 aplay -f dat
显示:
pi@raspberrypi ~/Documents $ arecord -D plughw:1,0 -f dat | ssh -v -C bertrand@192.168.1.33 aplay -f dat
Recording WAVE 'stdin' : Signed 16 bit Little Endian, Rate 48000 Hz, Stereo
OpenSSH_6.7p1 Raspbian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.33 [192.168.1.33] port 22.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9p1 Ubuntu-2ubuntu0.1
debug1: match: OpenSSH_6.9p1 Ubuntu-2ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com zlib@openssh.com
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com zlib@openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e1:fc:46:c9:5f:66:f8:d5:8f:13:27:cb:2d:a5:7b:17
debug1: Host '192.168.1.33' is known and matches the ECDSA host key.
debug1: Found key in /home/pi/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/pi/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.33 ([192.168.1.33]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LC_PAPER = fr_FR.UTF-8
debug1: Sending env LC_ADDRESS = fr_FR.UTF-8
debug1: Sending env LC_MONETARY = fr_FR.UTF-8
debug1: Sending env LC_NUMERIC = fr_FR.UTF-8
debug1: Sending env LC_TELEPHONE = fr_FR.UTF-8
debug1: Sending env LC_IDENTIFICATION = fr_FR.UTF-8
debug1: Sending env LANG = en_GB.UTF-8
debug1: Sending env LC_MEASUREMENT = fr_FR.UTF-8
debug1: Sending env LC_TIME = fr_FR.UTF-8
debug1: Sending env LC_NAME = fr_FR.UTF-8
debug1: Sending command: aplay -f dat
Playing WAVE 'stdin' : Signed 16 bit Little Endian, Rate 48000 Hz, Stereo
因为它是在命令行中启动的,所以它正在运行。
编辑: 好的,我想我可能找到了原因:由于我的整个 python 脚本在我的远程 pc 上使用 pygame 启动全屏显示,我需要使用 sudo 启动脚本。因此,我认为当它使用子进程启动 ssh 时,它也在尝试在计算机 A 上以 sudo 身份连接。我认为这是因为我的代码的简单版本正在运行,但如果我以 sudo 身份启动它,它会要求我密码。问题是,我仍然需要以 sudo 身份启动脚本。
警告: 该解决方案可能并不适合所有人,因为它并不完全安全,但对于我的特殊问题,即我的 2 台计算机在没有互联网连接的情况下直接连接,风险不高。
解法: 在服务器上,我这样做了:
sudo su - root # log in as root
ssh-keygen -t rsa # generate a rsa key
cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys' # add the key to the other computer
service ssh restart # restart ssh just in case
这样就可以了。感谢您的帮助。