通过PHP和SSH进行Git:拒绝对用户apache的ssh身份验证
[英]Git via PHP & SSH: ssh authentification of user apache denied
问题描述
I have the following setup: CentOS 6.5, git (client), apache 2.2, running test site etc. Goal is to create a remote browser-level access to execute "git pull". 
我有以下设置:CentOS 6.5,git(客户端),apache 2.2,运行测试站点等。目标是创建一个远程浏览器级别的访问以执行“ git pull”。 There is a general way to implement such thing using PHP. 有一种使用PHP实现此类事物的通用方法。 Lets say I have 2 scripts, one is php (it's being called to be executed directly via browser), another is shell scripts - gitpull.php and gitpull.sh, respectively. 可以说我有2个脚本,一个是php(被称为直接通过浏览器执行),另一个是shell脚本-分别是gitpull.php和gitpull.sh。
gitpull.php (it's in the same folder as index.php) contents: gitpull.php(与index.php在同一文件夹中)内容:
<?php
$message=shell_exec("/var/www/html/...PATH-TO-INDEX.PHP.../gitpull.sh 2>&1");
?>
gitpull.sh contents: gitpull.sh内容:
cd /var/www/html/...PATH-TO-FOLDER-WHERE-.GIT-WAS-INITIALIZED
git pull origin master:master
As I understand it, by calling up a php script all the following actions are to be performed as "apache" user, hence I have rsa keys created via sudo -u apache ssh-keygen -t rsa . 据我了解,通过调用php脚本,所有以下操作均应以“ apache”用户身份执行,因此我通过sudo -u apache ssh-keygen -t rsa创建了rsa密钥。 Both keys are in ~/.ssh directory (apache is set up to access them), as well as copies in /var/www (apache home folder by default, I did it to avoid confusion in case apache uses keys only from there). 这两个键都在~/.ssh目录中(设置为可以访问它们),以及在/var/www副本(默认情况下为apache主文件夹,我这样做是为了避免混淆,以防apache仅从那里使用键) 。 I assume the location of keys does not matter as long as they are registered in sss using "ssh-add". 我认为只要使用“ ssh-add”在sss中注册密钥,密钥的位置就没有关系。 Apache has permissions to access all relevant files/folders. Apache有权访问所有相关文件/文件夹。
I figured that my problem is not in scripting, so I decided to check: 我发现我的问题不在脚本中,所以我决定检查:
# ssh -T git@bitbucket.org
(works great, key is accepted), then (效果很好,可以接受密钥),然后
# sudo -u apache ssh -T git@bitbucket.org
returns 退货
Permission denied (publickey).
Question: what did I miss in my setup? 问题:我在设置中想念什么? Why apache cannot be identified by its ssh key? 为什么apache无法通过其ssh密钥识别? If I'm wrong in working derictories, then where the keys must be in order for apache to use them with ssh? 如果我在工作细节上写错了,那么为了让apache将它们与ssh一起使用,密钥必须在哪里? Could it help scripting ssh access in some customized way? 它能以某种自定义方式帮助脚本化ssh访问吗?
2 个解决方案
解决方案1
0 2014-08-08 13:13:24
您是否在您的bitbucket帐户中添加了ssh公钥?
解决方案2
0 2014-12-24 15:04:02
To debug the issue, I ran: sudo -u www-data php git.php
This answer help by showing how to debug! 该答案通过显示如何调试来提供帮助! https://stackoverflow.com/a/13097666/2614353 https://stackoverflow.com/a/13097666/2614353
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.