
Setting up git public key on Apache virtual host

I have a VPS running CentOS 7 Apache server. I have my website in the /var/www/domain.com directory and I am having an issue setting up git.

I want to use a public key to connect to my git repository and I keep getting

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

whenever I try to run any type of git command, fetch, pull, clone...

I set up a .ssh public key in /var/www/.ssh/id_rsa.pub, using

sudo ssh-keygen

I added the key to BitBucket but no matter what I try I am getting errors.

Any suggestions?

PS the owner and group assigned to /var/www/.ssh is apache:apache with 0700 permissions on the folder and all files under => /var/www/.ssh/

Also, I do have a private key located in /var/www/.ssh/id_rsa, and my /var/www/.ssh/config file looks like this:

Host bitbucket.org
 IdentityFile /var/www/.ssh/id_rsa

It is the public key that should go to BitBucket, while the private key should most likely go to the default location ~/.ssh/id_rsa .

Mind that if you overwrite whatever existing private key is there, you will lose access to those systems you had originally access to. Better to generate or provide the matching public key to whatever private key is already located at ~/.ssh/id_rsa .

If you do want to store a custom private key separate from its default location, then that will have to be customized in your git settings.

To summarize:

  • Make sure you have a private key stored at ~/.ssh/id_rsa .
  • Send the matching public key to BitBucket.
  • You can store for safekeeping a copy of the public key at ~/.ssh/id_rsa.pub . It will, however, not be used.
  • Make sure that privileges are set right for the following directories:
    • Your home directory ( ~ )
    • The ~/.ssh directory
    • The private key - ~/.ssh/id_rsa .
    • and several other important files under ~/.ssh .

You can use the following script to get privileges fixed if they are broken:

chmod go-w ~
[[ ! -d ~/.ssh ]] && mkdir ~/.ssh
chmod 700 ~/.ssh

[[ -f ~/.ssh/id_rsa ]] && chmod 600 ~/.ssh/id_rsa
[[ -f ~/.ssh/id_rsa.pub ]] && chmod 640 ~/.ssh/id_rsa.pub
[[ -f ~/.ssh/authorized_keys ]] && chmod 640 ~/.ssh/authorized_keys

chown ${USER}: ~
chown -R ${USER}: ~/.ssh

This should in most cases fix privilege-related issues, as ssh will refuse to work if not set up right. If you have it any other way, you leave your system potentially vulnerable to an attack, and even if ssh doesn't work yet, your private key could get corrupted by an attack, or stolen.

Make sure the sample script did not get modified from its original version (no stackoverflow edits by others), unless it was properly documented as to why the edit happened.
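
An added example, not part of the original question or answer: a read-only check of the same paths the answer's script adjusts, which reports findings without changing anything. It assumes GNU `stat` (as on CentOS 7); the function names and finding labels are illustrative.

```shell
#!/bin/sh
# Added example: read-only audit of the paths the answer's script fixes.
# Assumes GNU coreutils stat (CentOS 7). Function names are illustrative.

# has_bits PATH MASK: succeed if any permission bit in octal MASK is set.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_home HOME_DIR EXPECTED_UID: print one finding per line.
audit_ssh_home() {
    home=$1; uid=$2; ssh_dir=$home/.ssh

    if has_bits "$home" 022; then
        echo "WRITABLE $home: group/other can write the home directory"
    fi
    if [ ! -d "$ssh_dir" ]; then
        echo "MISSING $ssh_dir"
        return 0
    fi
    if has_bits "$ssh_dir" 077; then
        echo "OPEN $ssh_dir: expected mode 700"
    fi
    if [ -f "$ssh_dir/id_rsa" ] && has_bits "$ssh_dir/id_rsa" 077; then
        echo "OPEN $ssh_dir/id_rsa: expected mode 600"
    fi
    if [ -f "$ssh_dir/config" ] && has_bits "$ssh_dir/config" 022; then
        echo "WRITABLE $ssh_dir/config: group/other can write the config"
    fi
    # Everything must belong to the account that runs git/ssh.
    for p in "$home" "$ssh_dir" "$ssh_dir"/*; do
        [ -e "$p" ] || continue
        owner=$(stat -c '%u' "$p")
        if [ "$owner" != "$uid" ]; then
            echo "OWNER $p: uid $owner, expected $uid"
        fi
    done
    return 0
}

# Stand-alone use for the layout in the question (run as root or apache):
#   sh audit.sh /var/www "$(id -u apache)"
if [ $# -eq 2 ]; then
    audit_ssh_home "$1" "$2"
fi
```

An empty result means none of the checked modes or owners deviates from what the answer's script would set.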
