GitPython - cloning with ssh key - Host key verification failed
Question
i have a problem with cloning git repository in my application.
KEY_FILE = "/opt/app/.ssh/id_rsa"
def read_git_branch(config_id, branch):
config = RepoConfig.objects.get(id=config_id)
save_rsa_key(Credentials.objects.get(id=1).key)
git_ssh_identity_file = os.path.expanduser(KEY_FILE)
git_ssh_cmd = 'ssh -i %s' % git_ssh_identity_file
with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
with tempfile.TemporaryDirectory() as tmpdir:
repo = Repo.clone_from(config.url, tmpdir, branch=branch)
branch_obj, _ = Branch.objects.get_or_create(name=branch)
....
def save_rsa_key(key):
if not os.path.exists(os.path.dirname(KEY_FILE)):
try:
os.makedirs(os.path.dirname(KEY_FILE))
except OSError as exc:
if exc.errno != errno.EEXIST:
raise
with open(KEY_FILE, 'w') as id_rsa:
id_rsa.write(key)
os.chmod(KEY_FILE, 0o600)
Expected result is to clone repository to temporary directory, do something with it and delete all files.
Instead I'm getting:
DEBUG/ForkPoolWorker-2] AutoInterrupt wait stderr: b'Host key verification failed.\\nfatal: Could not read from remote repository.\\n\\nPlease make sure you have the correct access rights\\nand the repository exists.\\n'
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128) cmdline: git clone --branch=master -v git@gitlab.foo:bar/project.git /tmp/tmpi_w2xhgt stderr: 'Host key verification failed.
When i try to connect to the same repo directly from machine with key file created by code above with:
ssh-agent bash -c 'ssh-add /opt/app/.ssh/id_rsa; git clone git@gitlab.foo:bar/project.git'
Repo is cloned without problems + host is added to known_hosts . After doing that my code works as expected...
It has to be something with known_hosts . Anyone had similar problem?
Thanks for your help.
3 answers
solution1
3 2019-02-21 08:32:25
You should use env of clone_from.
with Git().custom_environment(GIT_SSH_COMMAND=git_ssh_cmd):
repo = Repo.clone_from(config.url, tmpdir, branch=branch)
→
git.Repo.clone_from(url, repo_dir, env={"GIT_SSH_COMMAND": 'ssh -i /PATH/TO/KEY'})
solution2
2 2020-01-24 14:49:06
This variant:
git.Repo.clone_from("git@bitbucket.org:user/coolrepo.git", r"..\coolrepo", env=dict(GIT_SSH_COMMAND="ssh -i id_rsa"))
works fine for me!
solution3
0 2020-10-16 16:26:17
While the existing answers cover cases where missing the SSH env was the issue, I had a scenario where the remote host key would only be accepted via GitPython, and the environment wasn't able to be modified to include that host key in known hosts.
To ensure host key mismatches never break your code, disable strict host key checks through manipulation of the ssh command:
git.Repo.clone_from(
url,
repo_dir,
env={
"GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no -i /path/to/key"
}
)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.