使用ssh进行远程Git提取会导致权限被拒绝(公钥)?
[英]Remote Git pull using ssh results in Permission denied (publickey)?
问题描述
I have a git repository in a hosted instance of Atlassian Stash. 
我在Atlassian Stash的托管实例中有一个git存储库。 I then have three machines: olympus, zeus and hera where I deploy the latest release of a software system. 然后,我有三台计算机:olympus,zeus和hera,它们在其中部署了软件系统的最新版本。 To automate this I'd like to remotely deploy from olympus onto the other machines which I try to do using ssh and git pull but this fails with Permission denied (publickey). 为了实现这一点,我想从olympus远程部署到我尝试使用ssh和git pull进行操作的其他计算机上,但是由于Permission denied (publickey).而失败Permission denied (publickey). . 。 I basically do and get: 我基本上做到了:
azg@olympus:~$ ssh azg@zeus 'cd ~/my/project/release/deploy/location/; git pull'
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
I have the following: 我有以下几点:
- Every machine has a different azg user (haven't had time to install LDAP etc) so I have azg@olympus, azg@zeus and azg@hera. 每台机器都有一个不同的azg用户(没有时间安装LDAP等),所以我有azg @ olympus,azg @ zeus和azg @ hera。 For each user I have generated ssh id_rsa key pairs. 我为每个用户生成了ssh id_rsa密钥对。
- I have populated each azg user
authorized_keyswith the corresponding id_rsa.pub of the others我已经用其他人的相应id_rsa.pub填充了每个azg用户authorized_keys Stash azg user is configured with a copy of all id_rsa.pub for every azg user (azg@olympus, azg@zeus, azg@hera) so I can clone, pull or push from every machine via ssh without having to enter password each time.
为每位azg用户(azg @ olympus,azg @ zeus,azg @ hera)配置了存储azg用户的所有id_rsa.pub的副本,因此我可以通过ssh从每台计算机上克隆,提取或推送,而不必每次都输入密码。 Therefore I can do no problems: 因此,我不会有任何问题: azg@olympus:~/code$ git clone ssh://azg@olympus:7999/pm/pm.git Cloning into 'pm'... remote: Counting objects: 555, done. remote: Compressing objects: 100% (271/271), done. remote: Total 555 (delta 203), reused 555 (delta 203) Receiving objects: 100% (555/555), 9.54 MiB, done. Resolving deltas: 100% (203/203), done.
and I can do the same from each machine separately. 而且我可以分别在每台计算机上执行相同的操作。 However, I can't do it if I login remotely first namely it asks me each time for the passphrase for key '/home/azg/.ssh/id_rsa' eg 但是,如果我第一次远程登录,即每次都要求我输入密钥“ /home/azg/.ssh/id_rsa”的密码,我将无法执行此操作,例如
azg@olympus:~$ ssh azg@zeus
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Wed Nov 27 17:01:33 2013 from olympus
azg@zeus:~$ cdc
azg@zeus:~/code$ git clone ssh://azg@olympus:7999/pm/pm.git
Cloning into 'pm'...
Enter passphrase for key '/home/azg/.ssh/id_rsa': <<<<<<<<<<< WHY???
remote: Counting objects: 555, done.
remote: Compressing objects: 100% (271/271), done.
remote: Total 555 (delta 203), reused 555 (delta 203)
Receiving objects: 100% (555/555), 9.54 MiB | 145 KiB/s, done.
Resolving deltas: 100% (203/203), done.
1 个解决方案
解决方案1
2 已采纳 2013-11-27 16:09:48
It sounds like you created the RSA key pair on Zeus with a passphrase. 听起来您在Zeus上使用密码创建了RSA密钥对。 (This is different from an account password; it is a passphrase to decrypt the key file itself.) Consider regenerating the key pair and make sure you don't enter anything when ssh-keygen asks for a passphrase. (这与帐户密码不同;它是用于解密密钥文件本身的密码。)考虑重新生成密钥对,并确保当ssh-keygen要求输入密码时,您不要输入任何内容。
Also, although some security experts might frown on the practice, I would recommend creating only one key pair and use it on all the machines. 另外,尽管一些安全专家可能对此并不满意,但我建议仅创建一个密钥对,并在所有计算机上使用它。 Then the authorized_keys file only needs one line and can be identical on all the hosts. 然后, authorized_keys文件仅需要一行,并且在所有主机上都可以相同。
::edit:: As OP points out in comments, if your OS insists on saddling you with ssh-agent (which I would recommend disabling), you will need to run ssh-add on all the machines in order to get ssh-agent to stop issuing warnings. :: edit ::正如OP在注释中指出的那样,如果您的操作系统坚持让您使用ssh-agent (我建议禁用它),那么您将需要在所有机器上运行ssh-add以获得ssh-agent停止发出警告。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.