cap使用admin而不是ec2-user

我正在尝试为我的ROR网站做一个“封装ec2onrails：setup”到EC2实例（亚马逊图像），但无论我做什么，身份validation都会一直要求我输入密码。我在这个和/或其他论坛上尝试了几乎所有我读过的东西：

将公钥从〜/ .ssh复制到ec2-user @_。sa-east-1.compute.amazonaws.com：/ home / ec2-user / .ssh / authorized_keys2（或authorized_keys）
使用Amazon Management Console生成私钥，然后将公钥从服务器复制到我的计算机
使用ssh-add -l添加任何这些键
使用ssh-keychain生成新密钥
使用我机器中已有的公钥/私钥组（id_rsa＆id_rsa.pub）
按照上述^^约定命名键
chmod 400为〜/ .ssh中的键
将键移动到〜/ .ec2
设置像这里所述的环境变量

笔记：

使用ssh和AWS .pem密钥连接到服务器工作正常
我在“ssh_options”中设置“keys”值并不重要，Capistrano似乎总是忽略它。但是，它不会忽略ssh-add -l中列出的键

以下是我尝试设置关键路径的方法

set :ssh_options, {:keys => ["/Users/dalef/.ssh/pk"]}

这是我最新测试的输出代码，使用详细输出

 Damians-MacBook-Pro:test dalef$ cap ec2onrails:setup [Deprecation Warning] This API has changed, please hook `deploy:create_symlink` instead of `deploy:symlink`. * 2013-03-20 20:10:52 executing `ec2onrails:setup' * 2013-03-20 20:10:52 executing `ec2onrails:server:update_hostname' * executing "sudo -p 'sudo password: ' /usr/local/ec2onrails/bin/update_hostname" servers: ["___.sa-east-1.compute.amazonaws.com"] D, [2013-03-20T20:10:52.471872 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: establishing connection to ___.sa-east-1.compute.amazonaws.com:22 D, [2013-03-20T20:10:52.539934 #2647] DEBUG -- net.ssh.transport.session[3fe825c3c40c]: connection established I, [2013-03-20T20:10:52.540236 #2647] INFO -- net.ssh.transport.server_version[3fe825c45728]: negotiating protocol version D, [2013-03-20T20:10:52.591866 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: remote is `SSH-2.0-OpenSSH_5.3' D, [2013-03-20T20:10:52.591965 #2647] DEBUG -- net.ssh.transport.server_version[3fe825c45728]: local is `SSH-2.0-Ruby/Net::SSH_2.6.6 x86_64-darwin12.2.0' D, [2013-03-20T20:10:52.635419 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 784 bytes D, [2013-03-20T20:10:52.635555 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 0 type 20 len 780 I, [2013-03-20T20:10:52.635654 #2647] INFO -- net.ssh.transport.algorithms[3fe825c484dc]: got KEXINIT from server I, [2013-03-20T20:10:52.635844 #2647] INFO -- net.ssh.transport.algorithms[3fe825c484dc]: sending KEXINIT D, [2013-03-20T20:10:52.636042 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 0 type 20 len 1620 D, [2013-03-20T20:10:52.636141 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 1624 bytes I, [2013-03-20T20:10:52.636196 #2647] INFO -- net.ssh.transport.algorithms[3fe825c484dc]: negotiating algorithms D, [2013-03-20T20:10:52.636319 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: negotiated: * kex: diffie-hellman-group-exchange-sha1 * host_key: ssh-rsa * encryption_server: aes128-cbc * encryption_client: aes128-cbc * hmac_client: hmac-sha1 * hmac_server: hmac-sha1 * compression_client: none * compression_server: none * language_client: * language_server: D, [2013-03-20T20:10:52.636373 #2647] DEBUG -- net.ssh.transport.algorithms[3fe825c484dc]: exchanging keys D, [2013-03-20T20:10:52.636563 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 1 type 34 len 20 D, [2013-03-20T20:10:52.636613 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes D, [2013-03-20T20:10:52.738438 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 152 bytes D, [2013-03-20T20:10:52.738637 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 1 type 31 len 148 D, [2013-03-20T20:10:52.744324 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 2 type 32 len 140 D, [2013-03-20T20:10:52.744468 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 144 bytes D, [2013-03-20T20:10:52.790733 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 720 bytes D, [2013-03-20T20:10:52.790938 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 2 type 33 len 700 D, [2013-03-20T20:10:52.795329 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 3 type 21 len 20 D, [2013-03-20T20:10:52.795447 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 24 bytes D, [2013-03-20T20:10:52.795542 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 3 type 21 len 12 D, [2013-03-20T20:10:52.795871 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: beginning authentication of `admin' D, [2013-03-20T20:10:52.796008 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 4 type 5 len 28 D, [2013-03-20T20:10:52.796071 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 52 bytes D, [2013-03-20T20:10:52.944233 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes D, [2013-03-20T20:10:52.944626 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 4 type 6 len 28 D, [2013-03-20T20:10:52.945125 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: trying publickey D, [2013-03-20T20:10:52.945906 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: connecting to ssh-agent D, [2013-03-20T20:10:52.946221 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 1 len 51 D, [2013-03-20T20:10:52.946460 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 2 len 5 D, [2013-03-20T20:10:52.946578 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: sending agent request 11 len 0 D, [2013-03-20T20:10:52.946859 #2647] DEBUG -- net.ssh.authentication.agent[3fe826263a88]: received agent packet 12 len 294 D, [2013-03-20T20:10:52.947478 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c) D, [2013-03-20T20:10:52.947821 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 5 type 50 len 348 D, [2013-03-20T20:10:52.947994 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes D, [2013-03-20T20:10:52.993286 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes D, [2013-03-20T20:10:52.993497 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 5 type 51 len 28 D, [2013-03-20T20:10:52.993717 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey D, [2013-03-20T20:10:52.993904 #2647] DEBUG -- net.ssh.authentication.methods.publickey[3fe826263fd8]: trying publickey (40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2) D, [2013-03-20T20:10:52.994095 #2647] DEBUG -- tcpsocket[3fe825c40570]: queueing packet nr 6 type 50 len 348 D, [2013-03-20T20:10:52.994202 #2647] DEBUG -- tcpsocket[3fe825c40570]: sent 372 bytes D, [2013-03-20T20:10:53.035308 #2647] DEBUG -- tcpsocket[3fe825c40570]: read 52 bytes D, [2013-03-20T20:10:53.035556 #2647] DEBUG -- tcpsocket[3fe825c40570]: received packet nr 6 type 51 len 28 D, [2013-03-20T20:10:53.035693 #2647] DEBUG -- net.ssh.authentication.session[3fe826273f28]: allowed methods: publickey E, [2013-03-20T20:10:53.035782 #2647] ERROR -- net.ssh.authentication.session[3fe826273f28]: all authorization methods failed (tried publickey) Password:

这是我最新测试的密钥列表（只是我从服务器检索到的密钥）

 Damians-MacBook-Pro:test dalef$ ssh-add -l 2048 b7:96:23:2d:21:f3:5e:dd:ba:e9:7c:7d:f5:4c:fd:0c pk (RSA)

有什么我想念的吗？我接近尝试基于密码的身份validation。

谢谢！！

更新

还在尝试替代品。我还确保通过与AWS key fingerprint和authorized_keys进行比较来使用正确的密钥

 From Amazon: dalef 90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14 Damians-MacBook-Pro:.ssh dalef$ ec2-fingerprint-key dalef 90:04:34:df:75:cc:9c:f0:90:4f:77:17:98:ee:ec:c1:95:d9:f6:14 Damians-MacBook-Pro:.ssh dalef$ ssh-add dalef Identity added: dalef (dalef) Damians-MacBook-Pro:.ssh dalef$ ssh-add -l 2048 40:2c:20:e7:0c:f4:65:32:76:7c:39:5e:83:84:70:b2 id_rsa (RSA) 2048 e6:02:1a:a4:2a:f9:63:4a:b7:de:66:60:f2:fa:0c:b4 dalef (RSA) [ec2-user@___ .ssh]$ cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcfgMIAbEfNAiSgi4zXsObR1zGPHzVbff2suB/J2rLVgr5XNfLhf+kTRzTij0IWsutYj45j/eI87xC912WYtNG2An8262JwqRJZfwbnfDHMjwPQRwlDNjgGWRZwl8x9HO1V7EmBCaEEpeXg0ogbdhM386f/TTdWdUOofSqTEjuN2Nk73OHirPAj7MuWSGwGAwKCS4In2KbGAP/hk0c/PsCx52J+zjp2lteEaA9qWIovQggRw73dAqV++czMwCx2+7GMGxGx21fgSH4cYZ7Q6XxAxBkmsO7yoKZHUFj5QobSJ1TVh7N/61bFInt6Ua6btTXC7jwaATzkOBkv/rwLgtN **dalef**

还是要求输入密码。

更新我的设置确实有问题。我尝试过允许密码连接，但这也不起作用。我是否需要开始考虑使用Capistrano替代方案？

这是日志

 [ec2-user@___ ~]$ sudo vi /etc/ssh/sshd_config PasswordAuthentication yes [ec2-user@___ ~]$ sudo passwd ec2-user Changing password for user ec2-user. New password: Retype new password: passwd: all authentication tokens updated successfully. [ec2-user@___ ~]$ exit ... E, [2013-03-21T00:31:02.582111 #3739] ERROR -- net.ssh.authentication.session[3fd0f6e21178]: all authorization methods failed (tried password) connection failed for: admin@___.sa-east-1.compute.amazonaws.com (Net::SSH::AuthenticationFailed: admin)

从这些日志中我假设Capistrano正试图以管理员身份登录。 如何将其更改为ec2-user？ （我在deploy.rb中尝试过set：user，“ec2-user”）

经过大量阅读后，我找到了解决方案。这使我指出了正确的方向： https ： //serverfault.com/questions/55343/cant-get-ssh-public-key-authentication-to-work

主要问题是我不知道自己在做什么。所以无论如何，如果有人对我提出的解决方案感兴趣：

不知怎的，Capistrano总是使用管理员用户，除了你设置的用户，所以我创建了一个。您可以继续并按照以下步骤操作： http ： //aws.amazon.com/articles/1233
我使用ssh-keygen -b 1024 -f ec2admin -t dsa创建了我自己的一组pub / private键
我通过使用scp将ec2admin.pub文件复制到服务器中的/home/admin/.ssh
我将pub内容添加到服务器中的/home/admin/.ssh/authorized_keys文件中
然后它确实有助于读取sshd日志：/ var / log / secure（YMMV）
最后在/ home解决了三个错误的权限：

chmod 700 /home/.ssh

chmod 600 /home/.ssh/*

chmod 755 / home / admin

这就是诀窍。我现在可以无需密码登录。谢谢你的帮助！

cap使用admin而不是ec2-user

厨师部署？

在ssh终止后如何使服务器在EC2上运行

在亚马逊EC2上使用capistrano进行生产时，资产不会预编译

mysql不尊重my.cnf中的wait_timeout设置

加载两个名称相同的Ruby Modules / Gems

EC2 – 无法部署为“bitnami”用户

HTTP调用在本地与AWS的行为不同 – 是ruby还是AWS？

无法连接到AWS中的rails服务器

与ror托管错误

AWS Rails安装失败：activesupport需要Ruby版本> = 2.2.2