I am trying to use a deployment PHP script on my shared Linux server to pull in a private repo from github.com using their web-hooks feature, using ssh for the first time.
Essentially: every time I commit to GitHub the web-hook sends a POST request to my PHP file. I want to use this to issue a simple `git pull` command, thus keeping my server and GitHub in sync and meaning I have a decent workflow that will help me stop editing stuff on a production server.
I am using terminal for my ssh connections.
I used ssh to go to my server and create a clone of my private repo and this worked.
I can, therefore, ssh in to my server and issue a `git pull` and it works perfectly. But of course I would like to automate this process. If I can get this to work I would like to do the same for a couple of other repos.
I have followed GitHub's guide on creating keys and adding them to the ssh keys section of my account on github.com. I can see the keys exist in the /.ssh/ folder on my host. The private keys have chmod 600, public keys are 644. I have deleted these, recreated new ones and deleted/re-added the public keys on GitHub several times.
I currently have these keys:
1024 03:c4:16:45:40:77:a4:94:a4:... /home/username/.ssh/id_dsa (DSA)
2048 b3:62:87:e0:4b:39:aa:06:97... /home/username/.ssh/id_github (RSA)
I have a /.ssh/config file with the following (in the hope GitHub uses the id_github key, based on this SO answer):

```
# Default GitHub
Host github_server
    HostName github.com
    user git
    ForwardAgent yes
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_github
```

and I have updated my .git/config to change the command to `git@github_server:username/repo`
I have copied the keys to authorized_keys using
`cat id_github.pub >> authorized_keys`
But when I make a commit I get an email saying permissions denied (publickey)
(my PHP script issues emails for success/failure and is based on this repo: this uses a simple `git pull` in a `shell_exec` function. I have added `2>&1` to the end for debugging.)
I changed my command to (trying to add the key for the user)
`ssh-add -l git pull 2>&1`
and got the message
`Could not open a connection to your authentication agent.`
So I then attempted to start the ssh-agent using
`eval $(ssh-agent) ssh-add ssh-add -l git pull`
it returns an agent pid.
Agent pid 944568
ssh-add: No such file or directory
-l: No such file or directory
git: No such file or directory
pull: No such file or directory
no good, so i tried just:
`eval $(ssh-agent) ssh-add git pull`
and that returned:
Agent pid 949815
git: No such file or directory
pull: No such file or directory
and for completion just this:
`eval $(ssh-agent) ssh-add -l git pull`
and that returned:
Agent pid 952014
The agent has no identities.
additionally at some point, trying anything,
**edit: later worked out it was this: [^]**
eval $(ssh-agent) ssh-add ~/.ssh/id_github git pull 2>&1
i added something else to my command that gave me this:
Agent pid 940365
Enter passphrase for /home/username/.ssh/id_github:
ssh-add: No such file or directory
-l: No such file or directory
git: No such file or directory
pull: No such file or directory
which suggests i need to add the passphrase for the user and then it would work using the keys, but how can i do this from a php shell_exec command without it being a security issue?
to me this also implies my keys are not set for this user correctly but the output below suggest it is.
more info:
running `ps aux | grep ssh` shows quite a few ssh-agents listed. I don't know if this is a problem
940006 0.0 0.0 57708 784 ? Ss 23:22 0:00 ssh-agent
940365 0.0 0.0 57708 768 ? Ss 23:24 0:00 ssh-agent
944222 0.0 0.0 57708 784 ? Ss 23:42 0:00 ssh-agent
944568 0.0 0.0 57708 772 ? Ss 23:44 0:00 ssh-agent
944854 0.0 0.0 57708 772 ? Ss 23:45 0:00 ssh-agent
945103 0.0 0.0 57708 772 ? Ss 23:47 0:00 ssh-agent
945188 0.0 0.0 57708 784 ? Ss 23:47 0:00 ssh-agent
running the following command based on this SO answer on ssh
# ssh -i ~/.ssh/id_github -vT git@github.com
i get this...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/username/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/id_github type 1
debug1: identity file /home/username/.ssh/id_github-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1+github5
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1+github5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/username/.ssh/id_github
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
...
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2440, received 2920 bytes, in 0.2 seconds
Bytes per second: sent 12993.2, received 15549.2
debug1: Exit status 1
I've trimmed out some of the stuff i didn't think was relevant, it looks like the keys exist and are accepted - which is the important bit right?
So what am i missing?
p.s. i definitely have the keys added to github.
thanks
^ edit
running this: eval $(ssh-agent) ssh-add ~/.ssh/id_github
in terminal returned:
Agent pid 958924
Enter passphrase for /home/username/.ssh/id_github: (i added passphrase)
Identity added: /home/username/.ssh/id_github (/home/username/.ssh/id_github)
UPDATE:
I deleted all my keys, started again with a keygen using the default id_rsa filename, I left the passphrase blank and it works!! Email received and a `git pull` command and a test file deployed. Super.
Looking at github guidance for passphrases I went in and edited my key adding a passphrase and i'm back to square one. Permission denied (publickey).
Always use the "git" user

```
$ ssh -T [email protected]
> Permission denied (publickey).
```

If your connection failed and you're using a remote URL with your GitHub username, you can change the remote URL to use the "git" user. You should verify your connection by typing:

```
$ ssh -T git@github.com
> Hi username!
```

If you want to use a password to access the SSH server, a solution for fixing the Permission denied error is to enable password login in the sshd_config file. In the file, find the PasswordAuthentication line and make sure it ends with yes. Find the ChallengeResponseAuthentication option and disable it by adding no.
This error comes up when using a wrong private key or no key at all when trying to connect via SSH. To resolve the problem, you should generate a new key pair and connect using that new set of keys.
Github also allows deploy keys, these are the same as the normal ssh keys, but generally don't come with a passphrase. I am able to deploy without a passphrase as stated in my question earlier.
This seems to be working ok, so will accept it as an answer.
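
As an added example (not part of the original posts): a shell wrapper a deploy script could call instead of a bare `git pull`, using a dedicated passphrase-less deploy key as the answer above describes. It refuses a key with loose permissions, checks that the key loads with an empty passphrase, and makes ssh fail rather than prompt; the function names, the paths passed in and the use of `GIT_SSH_COMMAND` (Git 2.3 or later) are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive pull with a dedicated deploy key.
# Function names and the KEY/REPO arguments are illustrative assumptions.

# Succeeds only if the key is a regular file accessible to its owner alone.
key_perms_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if the private key loads with an empty passphrase,
# i.e. it is usable where nobody can answer a prompt (a web request).
key_is_unencrypted() {
    ssh-keygen -y -P "" -f "$1" </dev/null >/dev/null 2>&1
}

# Prints the ssh command git should use: this key only (no agent, no
# other identities) and BatchMode so ssh fails instead of prompting.
# Assumes the key path contains no single quote.
deploy_ssh_command() {
    printf "ssh -i '%s' -o IdentitiesOnly=yes -o BatchMode=yes" "$1"
}

# usage: deploy_pull KEY REPO
# Returns 2 on bad key permissions, 3 if the key would need a passphrase,
# otherwise the exit status of git pull (output and errors on stdout).
deploy_pull() {
    key_perms_ok "$1" || {
        echo "refusing: $1 must be a file with mode 600 or 400" >&2
        return 2
    }
    key_is_unencrypted "$1" || {
        echo "refusing: $1 is passphrase-protected or not a private key" >&2
        return 3
    }
    GIT_SSH_COMMAND="$(deploy_ssh_command "$1")" \
        git -C "$2" pull --ff-only 2>&1
}
```

A read-only deploy key registered on the single repository limits what a stolen copy of the unencrypted key can do.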