[英]How to run a sudo command, remotely, trough SSH, using an IdentityFile?
I'm trying to trigger an executable file ' post-receive ', after pushing some changes to a git repo on a remote machine . 在将一些更改推送到远程计算机上的git repo之后,我试图触发可执行文件“ post-receive ”。 Within this file are some commands that require elevated privileges , such as:
该文件中包含一些需要提升特权的命令,例如:
sudo -S rm -f $HOME/.build
sudo -S rm -f $HOME/Packages
I've added a remote to my local repo: 我已经在我的本地仓库中添加了一个遥控器 :
git remote add live ssh://dev@ip/home/dev/app/.git
So I can push changes to my remote repo, like this: 因此,我可以将更改推送到我的远程仓库中,如下所示:
git push live master
The ' post-receive ' file executes, whenever I push. 每当我按下时,“ post-receive ”文件就会执行。
However , a password is requested for sudo commands within the ' post-receive ' file. 但是 ,“ post-receive ”文件中的sudo命令需要输入密码。
remote: [sudo] password for dev: Sorry, try again.
remote: [sudo] password for dev:
remote: sudo: 1 incorrect password attempt
remote: [sudo] password for dev:
Locally I have setup my SSH keys: 我在本地设置了SSH密钥:
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Then , I've copied the local ' ~/.ssh/id_rsa.pub ' file contents into the remote ' ~/.ssh/authorized_keys ' file. 然后 ,将本地的〜/ .ssh / id_rsa.pub文件内容复制到远程的〜/ .ssh / authorized_keys文件中。
I've also setup a ' config ' file, locally, specifying the location of my identity: 我还在本地设置了一个“ config ”文件,指定了我的身份的位置:
HostName ip
IdentityFile ~/.ssh/id_rsa
At this point, I'm able to ssh into the remote machine, without any passwords , like this: 在这一点上,我可以不用任何密码就可以进入远程计算机,如下所示:
ssh dev@ip
This was already expected, however, when pushing changes to my remote repo: 但是,当将更改推送到我的远程仓库时,这已经是预期的:
git push live master
...it asks me for a password when running the remote ' post-receive ' file. ...在运行远程“ 接收后 ”文件时要求我输入密码。
Running : 正在运行 :
Following the Digital Ocean Deployment Tutorial 遵循数字海洋部署教程
This has nothing to do with GIT or SSH. 这与GIT或SSH无关。 Linux distributions by default require any user running a
sudo
command, even if they have permissions, to enter the password. 默认情况下,Linux发行版要求任何运行
sudo
命令的用户(即使具有权限)也必须输入密码。 This can be overridden (see below). 这可以被覆盖(见下文)。
The step to override this :) 覆盖此步骤:)
Check this answer for example. 例如,检查此答案 。
You need to add a NOPASSWD
directive in your sudoers
file for the relevant user. 您需要在
sudoers
文件中为相关用户添加NOPASSWD
指令。 Modified from that answer: 从该答案修改为:
dev ALL = NOPASSWD: ALL
You could replace ALL
with a specific command for safety. 为了安全起见,您可以使用特定命令替换
ALL
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.