~/.ssh/config
# User_A
Host github.com-User_A
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
# User_B
Host github.com-User_B
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_user_b
IdentitiesOnly yes
# http://serverfault.com/questions/400633/capistrano-deploying-to-different-servers-with-different-authentication-methods
Host example.com
IdentityFile ~/.ssh_keys/example_env.pem
ForwardAgent yes
On local machine:
$ ssh -T git#github.com
Hi User_B! You've successfully authenticated, but GitHub does not provide shell access.
On remote machine
~$ ssh remote_user#example.com
[remote_user#example ~]$ ssh -T git#github.com
Hi User_A! You've successfully authenticated, but GitHub does not provide shell access.
Note:
ssh-add -l shows all the mentioned keys enlisted
deploy.rb contains:
set :repository, "git#User_B:<REPO_NAME>"
ssh_options[:forward_agent] = true
I am trying to deploy my application using Capistrano to an Amazon EC2 instance for which I the .pem file is already added to my local machine using ssh-add and it can be seen enlisted in output for ssh-add -l.However I am facing following error while deploying:
** [example.com :: err] ERROR: Repository not found.
** fatal: The remote end hung up unexpectedly
Following is the full output of my cap deploy command:
$ cap bat deploy
triggering load callbacks
* executing `bat'
triggering start callbacks for `deploy'
* executing `multistage:ensure'
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
updating the cached checkout on all servers
executing locally: "git ls-remote git#User_B:<REPO_NAME> <BRANCH_NAME>"
command finished in 6296ms
* executing "if [ -d /srv/<APP_NAME>/shared/cached-copy ]; then cd /srv/<APP_NAME>/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard df84fadff305e1729991caddde47f6802e424d57 && git clean -q -d -x -f; else git clone -q git#User_B:<REPO_NAME> /srv/<APP_NAME>/shared/cached-copy && cd /srv/<APP_NAME>/shared/cached-copy && git checkout -q -b deploy df84fadff305e1729991caddde47f6802e424d57; fi"
servers: ["example.com"]
[example.com] executing command
** [example.com :: err] ERROR: Repository not found.
** fatal: The remote end hung up unexpectedly
command finished in 3811ms
*** [deploy:update_code] rolling back
* executing "rm -rf /srv/<APP_NAME>/releases/20130723222237; true"
servers: ["example.com"]
[example.com] executing command
command finished in 477ms
failed: "sh -c 'if [ -d /srv/<APP_NAME>/shared/cached-copy ]; then cd /srv/<APP_NAME>/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard df84fadff305e1729991caddde47f6802e424d57 && git clean -q -d -x -f; else git clone -q git#User_B:<REPO_NAME> /srv/<APP_NAME>/shared/cached-copy && cd /srv/<APP_NAME>/shared/cached-copy && git checkout -q -b deploy df84fadff305e1729991caddde47f6802e424d57; fi'" on example.com
So I guess this error is caused due to conflicts arising between multiple SSH keys getting detected i.e. on local machine User_B(who is a member of the repository) is used as default however on remote machine User_A(who is not having access to the repository) is used.
If my assumption is correct can anybody please help me in getting this problem solved? Is there any way in which a specific user config can be used while agent forwarding? If not then what could be the solution to this?
Thanks.
Ok it seems like the sequence in which keys are listed in ~/.ssh/config matters.
Initially it was
# User_A
Host github.com-User_A
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
# User_B
Host github.com-User_B
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_user_b
IdentitiesOnly yes
# http://serverfault.com/questions/400633/capistrano-deploying-to-different-servers-with-different-authentication-methods
Host example.com
IdentityFile ~/.ssh_keys/example_env.pem
ForwardAgent yes
Afterwards I did this:
# User_B
Host github.com-User_B
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_user_b
IdentitiesOnly yes
# User_A
Host github.com-User_A
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
# http://serverfault.com/questions/400633/capistrano-deploying-to-different-servers-with-different-authentication-methods
Host example.com
IdentityFile ~/.ssh_keys/example_env.pem
ForwardAgent yes
But after doing that I didn't restarted the machine, thus the changes were not in effect.
This morning after I started my machine after posting above problem I found that it is working:
On local machine:
$ ssh -T git#github.com
Hi User_B! You've successfully authenticated, but GitHub does not provide shell access.
On remote machine
$ ssh -T git#github.com
Hi User_B! You've successfully authenticated, but GitHub does not provide shell access.
Hope this helps somebody else in case he faces a similar problem.
Thanks.
Related
Hi i have a problem configuring bitbucket pipeline with ssh login on my remote server.
The output of error is:
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Host key verification failed
These are the steps i follow:
generate private and public keys (without password) on my server using this command: ssh-keygen -t rsa -b 4096
add base64 encoded private key under Repository Settings->Pipelines->Deployments->Staging environments
push file "my_known_hosts" on the repository created with: ssh-keyscan -t rsa myserverip > my_known_hosts
I also tried to do another test:
generate keys from Repository Settings
copy public key to authorized_keys file on my remote server
type the ip of my remote server in "Known hosts" click fetch and add
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
This is how i configure pipeline ssh connection
image: atlassian/default-image:latest
pipelines:
default:
- step:
name: Deploy to staging
deployment: staging
script:
- echo "Deploying to staging environment"
- mkdir -p ~/.ssh
- cat ./my_known_hosts >> ~/.ssh/known_hosts
- (umask 077 ; echo $SSH_KEY | base64 --decode > ~/.ssh/id_rsa)
- ssh $USER#$SERVER -p$PORT 'echo "connected to remote host as $USER"'
I'm trying all possible things but still can't connect.
Can anyone help me?
This happen when you try to ssh the first time to the server, you can remove host checking by this option StrictHostKeyChecking=no, below is the complete command for your reference.
ssh -o StrictHostKeyChecking=no $USER#$SERVER -p$PORT 'echo "connected to remote host as $USER"'
PS: disabling host checking is not secure way to do, you can add server key to your ~/.ssh/known_host , run this command ssh-keyscan host1 , replace host1 to the host you want to connect.
I am stuck with after statement "couldn't get a file descriptor referring to console". I couldn't continue further than that. I need your help on this issue. I am a new web developer and continue to learning to improve my skills. Thank you for your time to guide me to right direction.
[ENV]:/vagrant/src/splurty $ git push origin master
ssh: connect to host github.com port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[ENV]:/vagrant/src/splurty $ git remote set-url origin https://github.com/livestronger08/brolin.git
[ENV]:/vagrant/src/splurty $ eval "$(ssh-agent -s)"
Agent pid 30162
[ENV]:/vagrant/src/splurty $ ssh-add
Identity added: /home/vagrant/.ssh/id_rsa (/home/vagrant/.ssh/id_rsa)
[ENV]:/vagrant/src/splurty $ $ ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
$: command not found
[ENV]:/vagrant/src/splurty $ ssh-keygen -t rsa -b 4096 -C "derek.downie#ttu.edu"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
/home/vagrant/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
72:98:32:bc:e7:b1:05:0e:c6:99:17:3d:a0:00:6a:63 derek.downie#ttu.edu
The key's randomart image is:
+--[ RSA 4096]----+
|... . |
|. . . o |
|.E . . o |
|o .o o + . |
| X * S |
| . B + |
| . + . |
| o + |
| o |
+-----------------+
[ENV]:/vagrant/src/splurty $ eval
[ENV]:/vagrant/src/splurty $ eval "$(ssh-agent -s)"
Agent pid 30176
[ENV]:/vagrant/src/splurty $ open ~/.ssh/config
Couldn't get a file descriptor referring to the console
[ENV]:/vagrant/src/splurty $ touch ~/.ssh/config
From the moment you have set the remote repository URL (with git remote set-url origin https://github.com/livestronger08/brolin.git) to an HTTPS one, every other commands related to SSH won't matter regarding the authentication.
The agent is needed only if you have entered a non-empty passphrase when creating the SSH key.
And the ~/.ssh/config is a file needed only if your SSH key is not the default ~/.ssh/id_rsa name. In your case, you don't need it.
I am having create difficulty finding reliable information on creating SSH keys in order to remove the need for username and password when doing git push and pull for a main repo and separate nested repos.
To make sure I have no existing errors deleted them from
https://github.com/settings/keys
And then followed this guide which in a nutshell advises:
Check for existing, I deleted all from here as well
ls -al ~/.ssh
then (accepting defaults with no passkey)
ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa
clip < ~/.ssh/id_rsa.pub
and pasting key at https://github.com/settings/keys
The guide seems to end here, however attempt to push the repo gives:
fatal: HttpRequestException encountered.
An error occurred while sending the request.
Username for 'https://github.com':
What steps have been missed here please.
Attempting to push via git bash
I have a simple bash script that makes a call to a git repository on github (/home/user/simple_git.sh):
#!/bin/bash
# Change to the Git repoistory
cd /home/user/git/a_git_repo
remote=$(
git ls-remote -h origin master |
awk '{print $1}'
)
local=$(
git rev-parse HEAD
)
printf "Local : %s\nRemote: %s\n" $local $remote
It gives the following output:
Local : a10dc1d7d30ed67ed1e514a3c1ffc5a824cea14b
Remote: a10dc1d7d30ed67ed1e514a3c1ffc5a824cea14b
git authentication is done via ssh keys - the following is my my .bashrc
# ssh
eval `ssh-agent -s`
ssh-add
The script runs just fine as user as well as with sudo (by preserving the user environment) ie.
~/.simple_git.sh
or
sudo -E ~/simple_git.sh
However, I've still not yet found a way to run the script as a service (/etc/systemd/user/simple_git.service or /etc/systemd/system/simple_git.service)
[Unit]
Description=TestScript
[Service]
Type=simple
ExecStart=/home/user/simple_git.sh
I've tried running the systemctl command with the --user option as well as modifying visudo to include the line
Defaults env_keep += SSH_AUTH_SOCK
but to no avail. Everytime I check the status of the job:
Feb 21 23:16:00 alarmpi systemd[484]: Started TestScript.
Feb 21 23:16:01 alarmpi simple_git.sh[15255]: Permission denied (publickey).
Feb 21 23:16:01 alarmpi simple_git.sh[15255]: fatal: Could not read from remote repository.
Feb 21 23:16:01 alarmpi simple_git.sh[15255]: Please make sure you have the correct access rights
Feb 21 23:16:01 alarmpi simple_git.sh[15255]: and the repository exists.
Feb 21 23:16:01 alarmpi simple_git.sh[15255]: Local : a10dc1d7d30ed67ed1e514a3c1ffc5a824cea14b
Systemd is not running the service with your environment variables from your session. I would recommend you to
Use git using https, which will not require authentication (instead of ssh)
Create an unprotected "deploy key", which will be in standard location (~alarmpi/.ssh/id_rsa), which will get picked up by git automatically without ssh-agent.
At this time (working practise policy) it was not possible to use https to connect to github. While the idea of an unprotected deploy-key is useful I ended up using systemctl --user import-environment (wiki.archlinux.org/index.php/Systemd/User) to mange the issue at this time.
Running cap deploy returns the error
ERROR: Repository not found.
fatal: The remote end hung up unexpectedly
failed: "env PATH=$HOME/.rbenv/shims:$HOME/.rbenv/bin:$PATH sh -c 'if [ -d .../shared/cached-copy ]; then cd .../shared/cached-copy &&
git fetch -q origin && git fetch --tags -q origin && git reset -q
--hard e54354271256196e54354271256196 && git clean -q -d -x -f; else git clone -q -b new_front git#github.com:myapp.git
.../shared/cached-copy && cd /shared/cached-copy && git checkout -q -b
deploy ced405a4d2b184ccadf844185e54354271256196; fi'" on
192.111.111.111
but when i ssh to the server and run that exact command it works.
I've tried deleting the cached-copy and commenting set :deploy_via, "remote_cache" as mentioned in Cap deploy - ERROR: Repository not found but nothing works.
thanks
EDIT:
Similar issue:
https://gist.github.com/ParkinT/2432735
I had to run:
ssh-add
to add my identity to the authentication agent.
Turns out the problem was with ssh agent forwarding.
https://help.github.com/articles/using-ssh-agent-forwarding
Capistrano was setup
ssh_options[:forward_agent] = true
Locally I had two ssh keys, and somehow the one used locally was not the same one being used via the forward_agent. If you have a key on the server you can set
ssh_options[:forward_agent] = false
Otherwise, clear your keys and add just the one you need (on mac, ssh-add -D and ssh-add path/to/key).