GitPython - 使用 ssh 密钥克隆 - 主机密钥验证失败
[英]GitPython - cloning with ssh key - Host key verification failed
问题描述
i have a problem with cloning git repository in my application.
我在我的应用程序中克隆 git 存储库时遇到问题。
KEY_FILE = "/opt/app/.ssh/id_rsa"
def read_git_branch(config_id, branch):
config = RepoConfig.objects.get(id=config_id)
save_rsa_key(Credentials.objects.get(id=1).key)
git_ssh_identity_file = os.path.expanduser(KEY_FILE)
git_ssh_cmd = 'ssh -i %s' % git_ssh_identity_file
with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
with tempfile.TemporaryDirectory() as tmpdir:
repo = Repo.clone_from(config.url, tmpdir, branch=branch)
branch_obj, _ = Branch.objects.get_or_create(name=branch)
....
def save_rsa_key(key):
if not os.path.exists(os.path.dirname(KEY_FILE)):
try:
os.makedirs(os.path.dirname(KEY_FILE))
except OSError as exc:
if exc.errno != errno.EEXIST:
raise
with open(KEY_FILE, 'w') as id_rsa:
id_rsa.write(key)
os.chmod(KEY_FILE, 0o600)
Expected result is to clone repository to temporary directory, do something with it and delete all files.预期结果是将存储库克隆到临时目录,对其进行处理并删除所有文件。
Instead I'm getting:相反,我得到:
DEBUG/ForkPoolWorker-2] AutoInterrupt wait stderr: b'Host key verification failed.\\nfatal: Could not read from remote repository.\\n\\nPlease make sure you have the correct access rights\\nand the repository exists.\\n'
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128) cmdline: git clone --branch=master -v git@gitlab.foo:bar/project.git /tmp/tmpi_w2xhgt stderr: 'Host key verification failed.
When i try to connect to the same repo directly from machine with key file created by code above with:当我尝试使用由上面的代码创建的密钥文件直接从机器连接到同一个 repo 时:
ssh-agent bash -c 'ssh-add /opt/app/.ssh/id_rsa; git clone git@gitlab.foo:bar/project.git'
Repo is cloned without problems + host is added to known_hosts .回购克隆没有问题+主机被添加到known_hosts 。 After doing that my code works as expected...这样做之后,我的代码按预期工作......
It has to be something with known_hosts .它必须是known_hosts东西。 Anyone had similar problem?有人遇到过类似的问题吗?
Thanks for your help.谢谢你的帮助。
3 个解决方案
解决方案1
3 2019-02-21 08:32:25
You should use env of clone_from.您应该使用 clone_from 的 env。
with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
repo = Repo.clone_from(config.url, tmpdir, branch=branch)
→ →
git.Repo.clone_from(url, repo_dir, env={"GIT_SSH_COMMAND": 'ssh -i /PATH/TO/KEY'})
解决方案2
2 2020-01-24 14:49:06
This variant:这个变种:
git.Repo.clone_from("git@bitbucket.org:user/coolrepo.git", r"..\coolrepo", env=dict(GIT_SSH_COMMAND="ssh -i id_rsa"))
works fine for me!对我来说很好用!
解决方案3
0 2020-10-16 16:26:17
While the existing answers cover cases where missing the SSH env was the issue, I had a scenario where the remote host key would only be accepted via GitPython, and the environment wasn't able to be modified to include that host key in known hosts.虽然现有答案涵盖了缺少 SSH 环境的情况,但我有一个场景,即只能通过 GitPython 接受远程主机密钥,并且无法修改环境以在已知主机中包含该主机密钥。
To ensure host key mismatches never break your code, disable strict host key checks through manipulation of the ssh command:为确保主机密钥不匹配永远不会破坏您的代码,请通过操作ssh命令禁用严格的主机密钥检查:
git.Repo.clone_from(
url,
repo_dir,
env={
"GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no -i /path/to/key"
}
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.