Host key verification problem with gitlab CI - amazon-ec2

Running a gitlab CI pipeline I'm trying to easy-deploy the repository's code on a EC2 instance.
I generated my ssh-keys for gitlab in my PC to clone and push my code. Then I moved the public and private keys also in the ec2. This just o allow to make the git clone "git.repo.git" in the ec2 instance.
I think this should be the problem, but I can't find a solution, I get this error
Cloning into 'repo-name'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
This is my gitlb ci file: (really easy, just for tests)
stages:
- deploy
deploy-job:
stage: deploy
script:
- cat $SSH_KEY > cred.pem && chmod 400 cred.pem
- ssh -o StrictHostKeyChecking=no -i cred.pem ubuntu#id-amazon.com git clone git#gitlab.com:repo/test.git
Is there a way to pass these credentials correctly?

You are using your keys to connect to id-amazon.com, user ubuntu.
But they would not be used by the git clone executed on that server, which would explain why the clone fails.
Although it fails first because the gitlab.com fingerprint is not found in ~ubuntu/.ssh/knwon_hosts.
See "Using SSH keys with GitLab CI/CD" and its example SSH project.
Double-check the result of ssh-keyscan gitlab.com with GitLab SSH known_hosts entries.
As explained by the OP Alex Sander in the comments
I think a mix of permissions problems, if the folder with the .ssh for the aws-key has 'too much permissions' I saw that it gives problems (I read that is because the ssh key has to be not 'viewable', inside the ubuntu folder I created another folder with chmod 777 in which I which I cloned the directory.
And for the .ssh files all he permissions in the aws docs.
To solve these problems I changed in a strange way the commands ran in the GitLab job but it was just this permission problem I think.

Related

Git configuration on windows for ssh access to Github

I have a Github account with multiple projects.
I have cloned these projects to my windows 10 computer using ssh key.
some time later, it appear my ssh keys were compromise so i delete my ssh on Github and locally, then regenerate new ones :
4096 bits
rsa2
saved the pub as ~/.ssh/git_id_rsa.pub
add the pub key to my Github ssh keys
saved the priv as ~/.ssh/git/git_id_rsa.ppk
converted to Openssh format as ~/.ssh/git_id_rsa
the fact is I want different ssh keys for my different web tools (one for GitHub, one for DigitalOcean, one for OVH cloud, etc...) and I want to specify witch key to use when connecting to each host. thats why I change the default name for the ssh generated with PuttyGen (and converted with the same).
I don't have passphrase on the git_id_rsa.ppk (nor git_id_rsa) keys, as it seems that GitHub dont like them (saw long time ago).
I've configure my (projecytdir)/.git/config like bellow :
[remote "origin"]
url = git#github.com:hdGuild/JenkinsServerOnDO.git
fetch = +refs/heads/*:refs/remotes/origin/*
identityfile= ~/.ssh/git_id_rsa
But when I try a Git Pull, I've got the following error :
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Following the following answers I've created the ~/.ssh/config file with the following (using OpenSSH key for GitHub), and it works :
Host github.com
IdentityFile ~/.ssh/git_id_rsa
The fact is that if I need the ~/.ssh/config file, why would I need to configure my local git with (projecytdir)/.git/config as I describe it above ?
I would like to configure my local git to use the right ssh key for Github, without having to explain it in my ~/.ssh/config file.
I'm sure it is (again) a configuration problem and I miss something somewhere, but I can't find where.
Please help :)
thank-you
Okay,
As previously, I answer my own question :D
After some more research, I found this post that explain how to specify in Git local config file, the ssh key to use for git sh connection.
The command is simply, in the above explained case, the following while in project directory :
git config core.sshCommand "ssh -i ~/.ssh/git_id_rsa -F /dev/null"
This way, the git_id-rsa will be used by git for ssh connections on this particular project (as it is a local configuration).
Thank-you for reading.

How can I add multiple SSH keys for a Github account and a Bitbucket corporate account

I have two different accounts where I have to upload changes to, the thing here is that the GitHub account and the Bitbucket account has different email addresses, so I'm trying to configure multiple ssh keys in order to keep committing, pushing and pulling changes from Github and Bitbucket respectively.
I've tried to generate two different ssh-keys by running:
ssh-keygen -t rsa -C "My.CorporateAddress#company.com"
Then, when asked to enter the file in which to save the key I add this:
Enter file in which to save the key (/Users/myUser/.ssh/id_rsa): /Users/myUser/.ssh/id_rsa_github
I do the same steps with the bitbucket one.
Then I generate a file named config and edit it by adding:
Host github
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_github
Host bitbucket
HostName corporate-address.com
User git
IdentityFile ~/.ssh/id_rsa_bitbucket
But when I run:
ssh -T git#bitbucket
Or:
ssh -T git#github
And try to make a pull request for any of those, I get the following error:
GITHUB ERROR:
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
---------------------------------------------------
---------------------------------------------------
BITBUCKET ERROR:
git#bitbucket.corporate.companyName.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
For security reasons, I omitted the company name.
What I'm trying to achieve is the possibility to work with both, my work Bitbucket account and my Personal Github account which are configured with a different email address.
What am I doing wrong? Your feedback will be truly appreciated it!
To test your different key, you should type:
ssh -Tv github
ssh -Tv bitbucket
No need to add the user.
Try again, with the old PEM format
ssh-keygen -t rsa -C "xxx#yyyy.com" -m PEM -P "" -f ~/.ssh/id_rsa_github
ssh-keygen -t rsa -C "another#yyyy.com" -m PEM -P "" -f ~/.ssh/id_rsa_bitbucket
But make sure to add your public keys to your accounts.
Example for GitHub: "Adding a new SSH key to your GitHub account".
I was finally able to configure my two git accounts, they're now up and running.
I followed this tutorial I found and it worked like charm!
Configuring Multiple SSH Keys on Mack

Gitlab connectivity from Go CI/CD

I am trying to clone a project from gitlab using GO CI/CD pipeline. Steps i did as below,
I already have ssh key which i have added to gitlab.
tried to clone from my local machine and i am able to clone using "git clone" command
I also tried on the Go-agent server using command "git clone" and project is cloned there.
After clone the project I opened the ssh folder and "known_hosts" file is modified with some key. So i have placed the ssh folder at "C:\Windows\System32\config\systemprofile" location because GO- CD pipeline looks there only.
But whenever i am trying to test the connection of pipeline it says access denied. below is the error
:
Repository ssh://git#gitlab.demo.com/exampleproject/someproject.git not found! :
Error performing command: --- Command ---
git ls-remote ssh://git#gitlab.demo.com/exampleproject/someproject.git
--- Environment ---
{}
--- INPUT ----
--OUTPUT ---
--- ERROR ---
STDERR: Host key verification failed.
STDERR: fatal: Could not read from remote repository.
STDERR:
STDERR: Please make sure you have the correct access rights
STDERR: and the repository exists.
I also tried running command ssh -T git#gitlab.demo.com but it shows "Permission denied (publickey).". Can anyone tell me why? what configuration i am missing?
If you have created a key using the default name of id_rsa, try copying it to C:\Windows\SysWOW64\config\systemprofile.ssh (https://startbigthinksmall.wordpress.com/2012/04/26/how-to-authorize-local-system-account-for-openssh/).
If that doesn't work after restarting your service, or if you think you will need to use more than one identity, the following might be helpful:
I assume restarting your Go-CD server service didn't work and that you are running your Go Server service using the default Local System account. I prefer to run using a domain account as that helps with some tricky permissions issues and this type of configuration. Take a look at this answer first: .ssh/config file for windows (git)
If you are running under a service account, your RSA keys are typically written to ~/.ssh/ - which likely translates to: C:/Users/your-account/.ssh. If this folder doesn't exist, open a command window in admin mode, cd to your account folder and run mkdir .ssh.
When Go-CD makes a connection to a Git repository using SSH, it uses git commands which in turn call ssh commands. With all these layers there are a number of approaches to configuring what identity or identities to use. An article to read first is (https://medium.com/#pinglinh/how-to-have-2-github-accounts-on-one-machine-windows-69b5b4c5b14e) Notice how the sshCommand overrides which identity git will use by specifying the file path to your rsa file.
Instead of editing the git configuration directly, my opinion is that editing the global ssh configuration will better handle multiple identities/keys and will be easier for Go-CD to handle. See https://www.ssh.com/ssh/config/. By default the ssh configuration file is located at ~/.ssh/config. If you don't have one, create a text file named config without any extension. Edit the file and add an entry that specifies the path to your Identity File (RSA Key) or files. For example (https://superuser.com/questions/366649/ssh-config-same-host-but-different-keys-and-usernames):
Host github_username1
Hostname github.com
User git
IdentityFile ~/.ssh/rsa_1
Host github_username2
Hostname github.com
User git
IdentityFile ~/.ssh/rsa_2
This establishes an host alias you can use for your material. So, instead of using git#gitlab.com/pathtorepo, you would use git#github_username2/pathtorepo if you were using the second host shown above.
Always give your Go-CD service a bounce after making changes, just in case.

How to push to bitbucket using intellij

I have created a project in bitbucket and trying to push code using intellij git. When I created the project bitbucket gave me commands to run within git. Here are the commands I ran and the error I got:
git remote add origin ssh://git#bitbucket.org/[username]/[repo]
git push -u origin master
This looks strange because how is this command suppose to authenticate me? Now here is error I got.
Permission denied (publickey). fatal: Could not read from remote
repository.
Please make sure you have the correct access rights and the repository
exists.
Any ideas?
That is because you are creating your project via ssh and for that you need to create and registrate SSH keys.
Create ssh key
If you don't want that, create your project only via https
Do you have the ssh key added to your computer?
If you're using oSX El Capitan or newer you'll need to add these every time you restart. osx ssh keys
How to add ssh keys

Unable to clone git repository from siteground

I'm trying to set up MS WebMatrix to use a Git repository from my siteground hosting account. I created the repository using their cpanel plugin and it tells me that I can clone it using this command
git clone ssh://username#sm3.siteground.biz:18765/home/username/public_html/
I replaced username of course and I created an rsa key using ssh-keygen. In the Webmatrix GUI it just opens a window saying "Clone is in progress" but it doesn't to anything.
And when I run that command in PowerShell, this is the output:
Cloning into 'public_html'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Any help is highly appreciated!
EDIT:
I haven't used github before but I'm pretty sure I'm not connecting to it. The repository is on siteground's server I think. Anyway, I couldn't figure it out in PowerShell so now I'm using putty to load the appropriate key and connect using an external git tool (source tree) that doesn't use the same ssh client as PowerShell. That is the solution that's working for me now.
I'll leave this question open as maybe someone comes around and can help with how to set this up using PowerShell.
The missing piece to the Siteground guide is:
Create a blank file in ~/.ssh/ or C:\Users\username\.ssh on your computer. It does not matter what you name it. I named it siteground_dsa. You could also name it id_dsa_siteground.
Copy the private ssh key that you get from siteground.com and paste the whole of it in the this newly created file.
Open Git Bash locally on your computer and run the following command
$ eval ssh-agent -s
Then run the following. Remember to use the filename that you gave it.
$ ssh-add ~/.ssh/siteground_dsa
Now you need to enter the passphrase for the ssh key. You will have defined it when creating the ssh key.
Now you should be logged in and you can run git clone the directory of your wish.
git clone ssh://username#ams14.siteground.eu:18765/home/username/public_html/
To permanently add the SSH key extend ~/.ssh/config with the following and updating server_name and username.
Host server_name
User username
Port 18765
IdentityFile ~/.ssh/siteground_dsa
keep in mind that for Windows operators, you should write eval $(ssh-agent)
eval $(ssh-agent)
chmod 600 file_name
ssh-add C:\Users\username\.ssh\siteground
Then you can easily clone your file into your local server following inserting your passphrase of the SSH key.
GitHub isn't able to authenticate you. Probably your key isn't associated with your GitHub account.
Take a look to GitHub's recommended method

Resources