[英]Php exec git pull script with ssh doesn't work but doing it manually works
I'm trying to make a script where I can Git pull on my ubuntu server after push to Bitbucket repository.我正在尝试制作一个脚本,在推送到 Bitbucket 存储库后,我可以在其中 Git 拉我的 ubuntu 服务器。 I've setup ssh keys to Bitbucket and it works to do git pull command on the repository but it doesn't work when I try it from php exec.
我已经为 Bitbucket 设置了 ssh 密钥,它可以在存储库上执行 git pull 命令,但是当我从 php exec 尝试它时它不起作用。
I've tried chmod commands like /.ssh/bitbucket_rsa like 775 and 777 and chown -R www-data:www-data/.ssh without any luck.我试过像 /.ssh/bitbucket_rsa 这样的 chmod 命令,比如 775 和 777 和 chown -R www-data:www-data/.ssh 没有任何运气。
Response:回应:
array (
0 => 'Host key verification failed.',
1 => 'fatal: Could not read from remote repository.',
2 => '',
3 => 'Please make sure you have the correct access rights',
4 => 'and the repository exists.',
)
Code:代码:
public function gitPull() {
try {
exec("cd " . env("REPO_PATH") . " && git pull 2>&1", $output);
Log::info($output);
} catch (\Exception $e) {
Log::error($e);
}
http_response_code(200);
}
I guess you are stuck with the fact that the user www-data can not establish the SSH connection to the git server.我猜您对用户 www-data 无法建立到 git 服务器的 SSH 连接感到困惑。 I think the simplest was is to create a home directory for the www-data user and create a .ssh directory with the proper permissions, a config file and the key file in there.
我认为最简单的方法是为 www-data 用户创建一个主目录,并创建一个具有适当权限的 .ssh 目录、一个配置文件和其中的密钥文件。 You could always test the setup as root with
您始终可以以 root 身份测试设置
# su - www-data
$ cd <to your repository>
$ git pull
Google for "SSH connections without password" to set it up correctly.谷歌搜索“无密码的 SSH 连接”以正确设置。 And also be aware that SSH refuses to use a key file if the permissions are to loose.
还要注意,如果权限松动,SSH 将拒绝使用密钥文件。
Host key verification failed.
means that ssh could not verify the host key, most likely because there's no known_hosts
file in www-data's home/.ssh directory that contains the expected host key for your repo's server.意味着 ssh 无法验证主机密钥,很可能是因为 www-data 的 home/.ssh 目录中没有
known_hosts
文件包含您的存储库服务器的预期主机密钥。
There's at least two ways to fix that:至少有两种方法可以解决这个问题:
Use ssh-keyscan
as described over on Serverfault.se :按照 Serverfault.se 上的描述使用
ssh-keyscan
:
ssh-keyscan -H [hostname] >> /path/to/www-data's_home_directory/.ssh/known_hosts
You only need to do that once (unless the key changes), but you should check that the key is indeed correct after you run ssh-keyscan
.您只需要执行一次(除非密钥更改),但是您应该在运行
ssh-keyscan
后检查密钥是否确实正确。
Set the GIT_SSH_COMMAND
environment variable before running git
.在运行
git
之前设置GIT_SSH_COMMAND
环境变量。 You can use this to have ssh use a different known_hosts
file:您可以使用它来让 ssh 使用不同的
known_hosts
文件:
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/path/to/known_hosts"
Note that the above assumes shell syntax (eg Bash), you may need to adjust for PHP, particularly the export GIT_SSH_COMMAND=
part.请注意,以上假设使用 shell 语法(例如 Bash),您可能需要针对 PHP 进行调整,尤其是
export GIT_SSH_COMMAND=
部分。
I stack with the same problem working with github:我在使用 github 时遇到了同样的问题:
ssh-keyscan -t rsa github.com | tee github-key-temp | ssh-keygen -lf -
cat github-key-temp >> ~/.ssh/known_hosts
cat github-key-temp >> /etc/ssh/ssh_known_hosts
But that is not all, with next command you can check what is goes wrong (run it throught exec or shell_exec (save out put to some log):但这还不是全部,使用下一个命令,您可以检查出了什么问题(通过 exec 或 shell_exec 运行它(保存到一些日志中):
ssh -vT git@github.com 2>&1
So, with help of privious command, i understand that in my case: cron run's command via php script, but duaring ssh connection it could not find my keysfile (i have custom name for that file):因此,在 privious 命令的帮助下,我明白在我的情况下:cron run 的命令通过 php 脚本,但是在 ssh 连接期间它找不到我的密钥文件(我有该文件的自定义名称):
cd /etc/ssh/ssh_config.d/
sudo touch <some_name>.conf
sudo echo 'IdentityFile ~/.shh/<custom_key_file_name>' > <some_name>.conf
Or try to add full path to location of your keyfile (~/ = current user home dir).或者尝试将完整路径添加到密钥文件的位置(~/ = 当前用户主目录)。 You can check cron user by runing, this can helps to:
您可以通过运行检查 cron 用户,这有助于:
shell_exec('whoami');
PS I have no idea if this solution is enough secure. PS我不知道这个解决方案是否足够安全。 but i think fine.
但我觉得还好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.