How to run a sudo command, remotely, through SSH, using an IdentityFile?

I'm trying to trigger an executable file 'post-receive', after pushing some changes to a git repo on a remote machine. Within this file are some commands that require elevated privileges, such as:

sudo -S rm -f $HOME/.build
sudo -S rm -f $HOME/Packages

I've added a remote to my local repo:

git remote add live ssh://dev@ip/home/dev/app/.git

So I can push changes to my remote repo, like this:

git push live master

The 'post-receive' file executes, whenever I push.

However, a password is requested for sudo commands within the 'post-receive' file.

remote: [sudo] password for dev: Sorry, try again.
remote: [sudo] password for dev: 
remote: sudo: 1 incorrect password attempt
remote: [sudo] password for dev: 
  • An unexpected event, had I not configured my access through ssh keys and specified my identity file.

Locally I have setup my SSH keys:

~/.ssh/id_rsa
~/.ssh/id_rsa.pub

Then, I've copied the local '~/.ssh/id_rsa.pub' file contents into the remote '~/.ssh/authorized_keys' file.

I've also setup a 'config' file, locally, specifying the location of my identity:

HostName ip
IdentityFile ~/.ssh/id_rsa

At this point, I'm able to ssh into the remote machine, without any passwords, like this:

ssh dev@ip

This was already expected, however, when pushing changes to my remote repo:

git push live master

...it asks me for a password when running the remote 'post-receive' file.

  • Why am I asked for this password?
  • What step am I not seeing clearly?

Running:

  • OS X El Capitan locally
  • Ubuntu 16.04.1 LTS remotely

Following the Digital Ocean Deployment Tutorial

  1. This has nothing to do with GIT or SSH. Linux distributions by default require any user running a sudo command, even if they have permissions, to enter the password. This can be overridden (see below).

  2. The step to override this :)

Check this answer for example.

You need to add a NOPASSWD directive in your sudoers file for the relevant user. Modified from that answer:

dev ALL = NOPASSWD: ALL

You could replace ALL with a specific command for safety.
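
As an added example (not part of the original answer), this is one way to scope the NOPASSWD rule to only the two rm commands from the hook and to validate it before installing. The drop-in name /etc/sudoers.d/git-deploy, the home directory /home/dev, the /bin/rm path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: scoped NOPASSWD rule for the post-receive hook.
# Assumptions: hook user "dev", home /home/dev, rm at /bin/rm (Ubuntu),
# drop-in file name "git-deploy" (hypothetical).

# Print a sudoers rule that allows exactly the two rm commands from the hook.
# sudo matches the full command path and the exact argument list, so any
# other command or any other rm target still requires a password.
render_dropin() {
    user=$1
    home=$2
    printf '%s ALL=(root) NOPASSWD: /bin/rm -f %s/.build, /bin/rm -f %s/Packages\n' \
        "$user" "$home" "$home"
}

# Syntax-check the rule with visudo before installing it: a broken file in
# /etc/sudoers.d can stop sudo from working for every user. Run as root.
install_dropin() {
    user=$1
    home=$2
    dest=${3:-/etc/sudoers.d/git-deploy}
    tmp=$(mktemp) || return 1
    render_dropin "$user" "$home" > "$tmp"
    if visudo -cf "$tmp" >/dev/null; then
        # sudoers drop-ins should be root-owned and mode 0440
        install -o root -g root -m 0440 "$tmp" "$dest"
        rc=$?
    else
        echo "sudoers syntax check failed; nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root):   install_dropin dev /home/dev
# In the hook:       sudo -n /bin/rm -f "$HOME/.build"
```

With `sudo -n` the hook fails immediately instead of prompting if the rule does not match, which makes a path or argument mismatch visible in the push output.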
