如何使用IdentityFile通过SSH远程运行sudo命令?
[英]How to run a sudo command, remotely, trough SSH, using an IdentityFile?
问题描述
I'm trying to trigger an executable file ' post-receive ', after pushing some changes to a git repo on a remote machine . 
在将一些更改推送到远程计算机上的git repo之后,我试图触发可执行文件“ post-receive ”。 Within this file are some commands that require elevated privileges , such as: 该文件中包含一些需要提升特权的命令,例如:
sudo -S rm -f $HOME/.build
sudo -S rm -f $HOME/Packages
I've added a remote to my local repo: 我已经在我的本地仓库中添加了一个遥控器 :
git remote add live ssh://dev@ip/home/dev/app/.git
So I can push changes to my remote repo, like this: 因此,我可以将更改推送到我的远程仓库中,如下所示:
git push live master
The ' post-receive ' file executes, whenever I push. 每当我按下时,“ post-receive ”文件就会执行。
However , a password is requested for sudo commands within the ' post-receive ' file. 但是 ,“ post-receive ”文件中的sudo命令需要输入密码。
remote: [sudo] password for dev: Sorry, try again.
remote: [sudo] password for dev:
remote: sudo: 1 incorrect password attempt
remote: [sudo] password for dev:
- An unexpected event, had I not configured my access trough ssh keys and specified my identity file. 如果没有配置访问槽ssh密钥并指定了身份文件,则发生意外事件。
Locally I have setup my SSH keys: 我在本地设置了SSH密钥:
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Then , I've copied the local ' ~/.ssh/id_rsa.pub ' file contents into the remote ' ~/.ssh/authorized_keys ' file. 然后 ,将本地的〜/ .ssh / id_rsa.pub文件内容复制到远程的〜/ .ssh / authorized_keys文件中。
I've also setup a ' config ' file, locally, specifying the location of my identity: 我还在本地设置了一个“ config ”文件,指定了我的身份的位置:
HostName ip
IdentityFile ~/.ssh/id_rsa
At this point, I'm able to ssh into the remote machine, without any passwords , like this: 在这一点上,我可以不用任何密码就可以进入远程计算机,如下所示:
ssh dev@ip
This was already expected, however, when pushing changes to my remote repo: 但是,当将更改推送到我的远程仓库时,这已经是预期的:
git push live master
...it asks me for a password when running the remote ' post-receive ' file. ...在运行远程“ 接收后 ”文件时要求我输入密码。
- Why am I asked for this password? 为什么要求输入密码?
- What step am I not seeing clearly? 我看不清哪一步?
Running : 正在运行 :
- OS X El Capitan locally OS X El Capitan本地
- Ubuntu 16.04.1 LTS remotely 远程Ubuntu 16.04.1 LTS
Following the Digital Ocean Deployment Tutorial 遵循数字海洋部署教程
1 个解决方案
解决方案1
4 已采纳 2017-01-01 11:33:35
This has nothing to do with GIT or SSH.
这与GIT或SSH无关。 Linux distributions by default require any user running a sudocommand, even if they have permissions, to enter the password.默认情况下,Linux发行版要求任何运行sudo命令的用户(即使具有权限)也必须输入密码。 This can be overridden (see below).这可以被覆盖(见下文)。 The step to override this :)
覆盖此步骤:)
Check this answer for example. 例如,检查此答案 。
You need to add a NOPASSWD directive in your sudoers file for the relevant user. 您需要在sudoers文件中为相关用户添加NOPASSWD指令。 Modified from that answer: 从该答案修改为:
dev ALL = NOPASSWD: ALL
You could replace ALL with a specific command for safety. 为了安全起见,您可以使用特定命令替换ALL 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.