[英]deploying from github to linux server using ssh but Permission denied (publickey). PHP script
I am trying to use a deployment php script on my shared linux server to pull in a private repo from github.com using their web-hooks feature, using ssh for the first time . 我正在尝试在共享的Linux服务器上使用部署php脚本,使用其网络挂钩功能( 首次使用ssh)从github.com提取私有存储库。
essentially: everytime i commit to github the web-hook sends a post request to my php file, i want to use this to issue a simple git pull
command, thus keeping my server and github in sync and meaning I have a decent workflow that will help me stop editing stuff on a production server. 本质上:每次我提交到github时,网络挂钩都会向我的php文件发送一个发布请求,我想使用它发出一个简单的git pull
命令,从而使我的服务器和github保持同步,这意味着我拥有一个不错的工作流程帮助我停止在生产服务器上编辑内容。
I am using terminal for my ssh connections. 我正在使用终端进行ssh连接。
I used ssh to go to my server and create a clone of my private repo and this worked. 我使用ssh转到我的服务器,并创建了我的私人仓库的克隆,并且可以正常工作。
I can, therefore, ssh in to my server and issue a git pull
and it works perfectly. 因此,我可以ssh进入服务器并发出git pull
,它可以完美运行。 But of course i would like to automate this process. 但是,当然,我想使这个过程自动化。 If I can get this to work I would like to do the same for a couple of other repos. 如果我可以使它正常工作,那么我想对其他两个存储库也一样。
I have followed github's guide on creating keys and adding them to ssh keys
section of my account on github.com, i can see the keys exist in /.ssh/ folder on my host. 我遵循了github上有关创建密钥并将其添加到我在github.com上的帐户的ssh keys
部分中的指南,我可以看到这些密钥存在于主机上的/.ssh/文件夹中。 the private keys have chmod 600, public keys are 644. I have deleted these, recreated new ones and deleted/re-added the public keys on github several times. 私钥有chmod 600,公钥是644。我已删除了这些密钥,重新创建了新密钥,并在github上多次删除/重新添加了公钥。
I have currently have these keys: 我目前有这些键:
1024 03:c4:16:45:40:77:a4:94:a4:... /home/username/.ssh/id_dsa (DSA)
2048 b3:62:87:e0:4b:39:aa:06:97... /home/username/.ssh/id_github (RSA)
I have a /.ssh/config file with the following (in the hope github uses the id_github key based on this SO answer : 我有一个/.ssh/config文件,其中包含以下内容(希望github根据此SO答案使用id_github密钥:
# Default GitHub
Host github_server
HostName github.com
user git
ForwardAgent yes
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_github
and i have updated my .git/config to change the command to git@github_server:username/repo
并且我已经更新了.git / config,将命令更改为git@github_server:username/repo
I have copied the keys to authorized_keys using 我已将密钥复制到使用
cat id_github.pub >> authorized_keys
But when i make a commit I get an email saying permissions denied (publickey)
(my php script issues emails for success/failure and is based on this repo : 但是当我提交时,我收到一封电子邮件,指出permissions denied (publickey)
(我的php脚本会根据成功的原因发送电子邮件以表明成功/失败的原因:
this uses a simple git pull
in a shell_exec
function I have added 2>&1
to the end for debugging. 这在shell_exec
函数中使用了一个简单的git pull
,我已经在调试末尾添加了2>&1
。
I changed my command to (trying to add the key for the user) 我将命令更改为(尝试为用户添加密钥)
`ssh-add -l git pull 2>&1`
and got the message 并得到消息
`Could not open a connection to your authentication agent.`
So I then attempted to start the ssh-agent using 所以我然后尝试使用以下命令启动ssh-agent
`eval $(ssh-agent) ssh-add ssh-add -l git pull`
it returns an agent pid. 它返回一个代理PID。
Agent pid 944568
ssh-add: No such file or directory
-l: No such file or directory
git: No such file or directory
pull: No such file or directory
no good, so i tried just: 不好,所以我试着:
`eval $(ssh-agent) ssh-add git pull`
and that returned: 然后返回:
Agent pid 949815
git: No such file or directory
pull: No such file or directory
and for completion just this: 为了完成这一点:
`eval $(ssh-agent) ssh-add -l git pull`
and that returned: 然后返回:
Agent pid 952014
The agent has no identities.
additionally at some point, trying anything, 另外,在任何时候尝试任何事情,
**edit: later worked out it was this: [^] ** **编辑:后来算出的是这样的:[^] **
eval $(ssh-agent) ssh-add ~/.ssh/id_github git pull 2>&1
i added something else to my command that gave me this: 我在命令中添加了其他内容,从而使我做到了:
Agent pid 940365
Enter passphrase for /home/username/.ssh/id_github:
ssh-add: No such file or directory
-l: No such file or directory
git: No such file or directory
pull: No such file or directory
which suggests i need to add the passphrase for the user and then it would work using the keys, but how can i do this from a php shell_exec command without it being a security issue? 这表明我需要为用户添加密码,然后可以使用密钥工作,但是如何从php shell_exec命令执行此操作而又没有安全性问题?
to me this also implies my keys are not set for this user correctly but the output below suggest it is. 对我来说,这还意味着未正确为此用户设置我的密钥,但下面的输出表明确实如此。
more info: 更多信息:
running ps aux | grep ssh
正在运行ps aux | grep ssh
ps aux | grep ssh
shows quite a few ssh-agents listed. ps aux | grep ssh
显示了很多列出的ssh代理。 I don't know if this is a problem 我不知道这是不是一个问题
940006 0.0 0.0 57708 784 ? Ss 23:22 0:00 ssh-agent
940365 0.0 0.0 57708 768 ? Ss 23:24 0:00 ssh-agent
944222 0.0 0.0 57708 784 ? Ss 23:42 0:00 ssh-agent
944568 0.0 0.0 57708 772 ? Ss 23:44 0:00 ssh-agent
944854 0.0 0.0 57708 772 ? Ss 23:45 0:00 ssh-agent
945103 0.0 0.0 57708 772 ? Ss 23:47 0:00 ssh-agent
945188 0.0 0.0 57708 784 ? Ss 23:47 0:00 ssh-agent
running the following command based on this SO answer on ssh 基于此在ssh上的答案运行以下命令
# ssh -i ~/.ssh/id_github -vT git@github.com
i get this... 我明白了...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/username/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/id_github type 1
debug1: identity file /home/username/.ssh/id_github-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian- 5ubuntu1+github5
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1+github5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/username/.ssh/id_github
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
...
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2440, received 2920 bytes, in 0.2 seconds
Bytes per second: sent 12993.2, received 15549.2
debug1: Exit status 1
I've trimmed out some of the stuff i didn't think was relevant, it looks like the keys exist and are accepted - which is the important bit right? 我已经删掉了一些我认为不相关的内容,看起来这些键已经存在并被接受了-这很重要吗?
So what am i missing? 那我想念什么?
ps i definitely have the keys added to github. ps我肯定有添加到github的密钥。
thanks 谢谢
^ edit ^编辑
running this: eval $(ssh-agent) ssh-add ~/.ssh/id_github
in terminal returned: 在终端中运行以下命令: eval $(ssh-agent) ssh-add ~/.ssh/id_github
返回:
Agent pid 958924
Enter passphrase for /home/username/.ssh/id_github: (i added passphrase)
Identity added: /home/username/.ssh/id_github (/home/username/.ssh/id_github)
UPDATE: 更新:
I deleted all my keys, started again with a keygen using the default id_rsa filename, I left the passphrase blank and it works!! 我删除了所有密钥,再次使用默认的id_rsa文件名从密钥生成器开始,我将密码短语留空了! Email received and a git pull
command and a test file deployed. 收到电子邮件,并部署了git pull
命令和测试文件。 Super. 超。
Looking at github guidance for passphrases I went in and edited my key adding a passphrase and i'm back to square one. 查看github上的密码短语指南,我进入并编辑了我的密钥并添加了密码短语,然后我回到正题。 Permission denied (publickey).
Github also allows deploy keys, these are the same as the normal ssh keys, but generally don't come with a passphrase. Github还允许部署密钥,这些密钥与普通的ssh密钥相同,但通常不附带密码。 I am able to deploy without a passphrase as stated in my question earlier. 如我前面的问题所述,我无需口令即可进行部署。
This seems to be working ok, so will accept it as an answer. 这似乎工作正常,因此可以接受它作为答案。
Try in your config file the following: 在配置文件中尝试以下操作:
User git
Instead of 代替
user git
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.