Background
I have a system where when I push changes to my Repository, A web hook sends a request to my site which runs a bash script to pull the changes and copy any updated files.
I added a second repository with its own deploy key but after doing so i was getting a permission denied error when trying to pull changes.
Question
Is there a way to use 2 deploy key's on the same server?
Environment Details
Site uses Laravel 5.6, Symfony used to run shell script
Git 1.7
Go Daddy web hosting (Basic Linux one)
Notes
Script just runs git pull command
Error given is " Permission denied (publickey) "
SHH is used as a deploy key so only read access, there is one other project also using a deploy key on the same server
Thank you in advance for you help! Any other suggestions are welcome!
Edit #1
Edited post to reflect true problem as it was different to what I though (Feel free to revert if this is bad practice), please see answer below for details and solution
What i though was an issue with authentication what actually an issue with the git service not knowing which ssh key to use as i had multiple on the server.
The solution was to use a config file in the .ssh folder and assign alias to specify which ssh key to use for git operations in separate repositories.
Solution is here: Gist with solution
This gist explains the general idea, it suggests using sub-domains however a comment further down uses alias which seems neater.
I have now resolved the issue and the system is working fine with a read-only, passphrase-less deploy key.
This can be done by customizing the GIT_SSH_COMMAND. As ssh .config only gets the host, you have to create aliases to handle different paths. Alternatively, as the git CLI sends the path of the repo to the GIT_SSH_COMMAND, you can intercept the request in a custom script, added in between git and ssh.
You can create a solution where you extract the path and add in the related identity file, if available on the server.
One approach to do this can be found here.
Usage:
cp deploy_key_file ~/.ssh/git-keys/github-practice
GIT_SSH_COMMAND=custom_keys_git_ssh git clone git#github.com:github/practice.git
Related
I installed Git for Windows in order to clone and pull a project hosted on a remote Linux server.
In my repository (D:/repositories/my-project) I launch the following commands
git clone server#192.168.56.101:/var/www/web/my-project/.git
git pull origin master
So far so good. I pull the project files whenever modifications are applied on the server.
But now I'd like to pull or push from the remote server to my local repository.
I tried many things but I can't figure out how to access the repository located on my local machine.
Things like:
git pull duddy#my-pc:/d/repositories/my-project/.git master
just doesn't work, Git says:
ssh: Could not resolve hostname my-pc: Name or service not known
fatal: Could not read from remote repository.
Can someone helps me ?
First things first, I would recommend you try simply running git pull.
If this doesn't work, try running git remote -v and check to make sure that the URL for your server is listed as an origin (server#192.168.56.101:/var/www/web/my-project/.git).
Your issue is that you are inputting the URL for your local repository in your attempt to git pull.
I suggest reading the git-pull documentation to learn more about how pull works.
Basically, you need to have some service at your workstation which serves the requests. There are following options (I did not try most of them myself, just making it up from what I know):
use the windows file access. This is the easiest to setup at the windows workstation - just share the repository folder. The Linux side should somehow be able to mount windows shares (like described, for example, here: https://wiki.ubuntu.com/MountWindowsSharesPermanently). If you manage to mount your \\my-pc\repo to some /mount/my-pc-repo, then you can access it as file:///mount/my-pc-repo.
run git daemon at windows. Set up instructions are available at SO (for example, https://stackoverflow.com/a/2275844/2303202) and it pretty straightforward, but it does not have any authentication and in most cases it is reasonable to use it only for reading, so you will not be able to push to the workstation, only fetch.
set up ssh daemon and access through ssh authentication with read-write access. Git for windows installation contains the needed software (the sshd.exe binary, it is there at least for Git for Windows 2.6.0), probably there is a way to utilize it but I could not find it quickly.
set up HTTP(S) service at your workstation. I don't know if it is possible to do only with Git for Windows (it might be, with some perl module which happen to be included with it), or you should use some other software.
I have a launch configuration and auto-scaling group set up. The launch config uses an AMI that I've already created, based on Ubuntu 14.04, that installs Nginx, Git, and has my static files stored as a Git repo in Nginx's /usr/share/nginx/html/ directory.
The problem: the static files in my nginx/html directory are only as new as the files that were loaded in the AMI when I created it.
To remedy this, I have tried to add a "User Data" field into the launch config. The field is defined as:
#! /bin/bash
cd /usr/share/nginx/html/
git pull origin master
<my git repo's password>
But when I check to see if the instance has the latest version of the repo, I see that it doesn't. Something is wrong with my script, and I'm not sure what.
I have tested entering these commands one-by-one exactly as is into the EC2 instance via SSH, and it works exactly as expected.
Why doesn't this work in the user data field?
Note: I have verified that the 'bash' file is indeed present in /bin/bash.
You need to pass username and password of your repository with the repo url
Sample example :
#! /bin/bash
cd /usr/share/nginx/html/
git clone https://username:password#yourRepoURL.git
Problem is definitely in the bash script. Everything it contains is executed by bash, so it actually tries to execute your password as a command.
There are multiple ways to provide a password to Git in a script. See for example this question: How to provide username and password when run "git clone git#remote.git"?
It basically depends on how secure do you need it. Maybe it's enough to have a plain text password in Git's config (it doesn't have to be so bad if you set a restricted mode for that file, it would be similar to using a private key without passphrase).
It's been a while since I asked this- I've learned a lot since then.
You can pass your username and password as part of the URL, but that is bad form as if you share the code with anyone or give anyone access to your script then they will know your account credentials.
The best way to do this would be to set up your server to connect to your Git repo over SSH - I believe this is industry best practice as it is more secure and password-less.
i'm trying to set up a git server on Windows, but i'm having some issues getting it all to work.
I have locally created a normal repository, and remotely i created a bare repository. On the local repository i added a single text file and committed it, but when I try to push it into the remote repository I always get the following message:
fatal: protocol error: bad line length character: fata
I searched SO and other sources, and most of them suggest it's an issue regarding command echos. I'm using freeSSHd as a SSH solution (remote repository is hosted on a windows server), and I tried to use both the git bash and the windows CMD as a command shell.
I start CMD with /Q to disable echoing and /K to change directory to a directory where repositories are located, so I don't think that would be a problem.
Using the remote desktop, i can clone the repository to a folder next to it, and using the git bash locally i can access the SSH shell and also clone the repository in the same way. But using git clone ssh://<address>:/myRepo.git I always get the above message (The SSH's working folder is the same where the repository is located). Does anyone have any idea what's going on? How can I see what command is triggering the error, and how can I see the full error message?
I also met the same error using freeSSHd as a ssh solution for git server on Windows. I couldn't find a solution for a whole day and gave up. :(
Later I found another powerful ssh server from Bitvise called WinSSHD worked well. It has free version for personal use. I suggest you to switch to it. Though I'd also like to know if there's a fix to the error we both met.
To setup ssh server with WinSSHD is quite simple, and you can add virtual accounts with private/public key access.
The key part is to setup the ssh access for git server. Please follow the steps of the blog here.
It should work well for Windows git client. For Mac, you may meet an error as follows.
grp.sh: No such file or directory
fatal: Could not read from remote repository.
To fix it, you need to create the two files gup.sh and grp.sh in your git bin directory (GIT_PATH/bin or GIT_PATH/libexec/git-core configured in system environment variable PATH) in your git server.
The content of gup.sh:
git-upload-pack.exe $*
The content of grp.sh:
git-receive-pack.exe $*
I'm trying to set up a scheduled Subversion commit from Windows Server 2003 machine over SVN+SSH as a task. I'd like the commit script to be executed as SYSTEM-user. So I'm guessing, for that to work I need to check-out the repository as SYSTEM, too - but am unable to achieve it so far.
I'm already able to achieve the above with my own user over SSH. I've done the following:
I added a [tunnels] entity in my local subversion configuration:
ssh = plink.exe -i "C:/Keys/my_key.ppk"
Added the key to the authorized_keys file on the server running Subversion
I checked out the repository with a script as below:
svn co svn+ssh://user#server/path/to/repo/ C:\Local\Project\Path
I'd now like to reproduce the above steps for SYSTEM user, to be able to run a scheduled commit later. The problem I'm facing is I don't know how to check out the repository as SYSTEM, because:
I don't know the syntax to use to check out a repository as SYSTEM
I don't know where the global (or SYSTEM's) Subversion config is stored on a Windows Server 2003. I've already tried: C:\Documents and Settings\Default User\Application Data\Subversion and C:\Documents and Settings\Administrator\Application Data\Subversion, but without success.
I also read somewhere I possibly could use svn switch for what I want, but wouldn't know how to svn switch as SYSTEM. I also considered writing scripts for svn check-out or switch and running them as SYSTEM, but then I still need global SVN config to add my_key.ppk, too.
I hope the above description is clear enough. I've been struggling with it for a long time now and am having problems summarizing it myself. Any hints appreciated.
As a side, that doesn't seem to be totally off-topic: https://serverfault.com/q/9325/122307
This is not a real answer to your question, yet it might solve your problem: Why not use svn <command> --config-dir ARG or svn <command> --config-option ARG?
You could specify the config file/option like this, thus being able to set [tunnels].
#cxxl really answered on question, when mentioned --config-dir. I'll just try to shed some light on problem
I'm guessing, for that to work I need to check-out the repository as SYSTEM
Wrong and bad guessing, because stored locally user's auth data doesn't used in case of SSH-auth, for ssh remote authentication performed. Per-user auth-dir
\%AppData%\Subversion\auth>dir /W
...
[svn.simple] [svn.ssl.client-passphrase]
[svn.ssl.server] [svn.username]
...
contain stored credentials only for http|https|svn and cert-based client authentication, and nothing for ssh-related repositories
I.e your executed under LSA script must be able to
* read Working Copy files (checkouted under any other real local user), maybe write (can't recall requirement for .svn dir permissions)
* read and, thus, use predefined and fine-tuned Subversion's config files (tunnel section), which can be config of any other user
PS: swn switch change linked URL of repository for Working Copy and have nothing common with users
I have tried following how-set-up-your-own-private-git-server-linux and private-remote-git-repositories-ubuntu-linode but I am still having problems.
My local environment is windows and my remote linux. I have a couple of questions:
In the first article it describes setting up a public ssh key for the server - I've never done this before and I'm not sure where to type the commands (not even sure whether local or remote!!): ssh myuser#server.com mkdir .ssh and scp ~/.ssh/id_rsa.pub myuser#server.com:.ssh/authorized_keys
On my local dev machine should I be running msysgit? Is there an alternative because the version I installed is taking up 1.4 GB! I installed msysGit-netinstall-1.7.4-preview20110204.exe from http://code.google.com/p/msysgit/downloads/list
I tried skipping making the git user and public key, created the repositories on the remote machine but then when I try git remote add origin ssh://[username]#[domain/ip/hostname]/srv/git/[project-name] as root user it says: fatal: Not a git repository (or any of the parent directories): .git
I'm not sure if this should be here or if it would be best migrated over to a different site, but since I might be able to help I'll go ahead and answer.
I just skimmed the articles you linked. It looks like they both deal with accessing a git server over ssh, which you mention, so that's what I'll focus on.
First, on your server:
You need to set up an account on the server so that you can log in. This can be either a generic git account, or your own personal account. For the moment we'll assume that you are setting it up to work with a personal account. What you want to do is create your account, then somewhere accessible to that account (say, in your home directory), create the git repository.
mkdir myrepo.git
cd myrepo.git
git --bare init --shared=all
So now you have a git repository up on the server. Depending on the git client you are using, you might not need to mess with keys right now. If SSH is configured on your server to allow password login then you can probably just connect and enter your password when you need to interact with the server. If you want to set up keys, what you need to do is to generate an ssh public key. I don't know off hand how to do this in windows, but in linux you'd do something like:
ssh-keygen -t rsa -b 1024
That command will generate two files, "id_rsa" and "id_rsa.pub"; whatever tool you use should also generate two files, a public key and a private key. They might have different names, but assume for now that "id_rsa.pub" is the name of your public key file.
You want to copy the public key to the server, you can use scp, ftp, or just move it over using a thumbdrive. Either way, once you get it onto the server, and it's accessible by your user, log in as your user on the server. You want to add the public key to your "authorized_hosts" file, so after logging in to your account on the server, do this:
cd
mkdir .ssh
cat id_rsa.pub >> .ssh/authorized_hosts
rm id_rsa.pub
Now, from your workstation you need to configure your ssh client to use the private key your generated. Again, I don't know how to do this on Windows and it will probably vary depending on what ssh client you are using, so you'll need to get that information somewhere else.
Next, you need to create your local repository, add some files, and make a commit. Note that you can't clone the remote repository you made yet because there's nothing in there. Once you have some commits made locally, you need to set the remote server in your repository.
If you are using the git command line tools, you can run:
git remote add origin user#yourserver:myrepo.git
If you put the repository somewhere other than your home directory, use the full path:
git remote add origin user#yourserver:/path/to/repo.git
Note that you need the ".git" in there, since your directory name has ".git" as part of the name.
If you are using a GUI tool, then you instead just edit the configuration file for the repository. This will be in the top level of your repository under ".git/config". You'll want to add something like
[remote "origin"]
url = user#yourserver:/path/to/repo.git
fetch = +refs/heads/*:refs/remotes/origin/*
Now that your remote is configured, and you have some commits locally, you can push your master branch up to the server. If you're using the command line use:
git push origin master
Or, if you're working on a different branch:
git push origin mybranch
If you are using a GUI frontend for get then you'll need to look up the documentation for that tool on how to push.
I would like to recommend to use Gitolite that allows to setup git hosting on central srever with great features like access control and creating/managin repositories etc.
And for windows, the tool called git-scm can be used for setting up git client and also have GUI panel for git repositories. After installation of this git tool, you will get a git bash tool and a git GUI.
Gitolite makes settting up of a git hosting server and client very simple.
I hope this may help new people who are looking for an efficient solution for settting up git hosting server and clients in some easy to understand simple steps.
I followed the most voted answer and I didnt get it to work. I found this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
and I got it working. I think the problem was that, in the server, the public key is to be copied to a file "authorized_keys" and not "authorized_hosts".
I had been trying to generate the key pairs using putty but couldn't get it to work. In the end I realised that I could generate the keys via the msysgit command line using ssh-keygen -C "git#example.com" -t rsa. Copy the public key to the server using nano /home/git/.ssh/authorized_keys and hey presto!
I had downloaded the full source code hence the size! The non-source app, Git-1.7.4-preview20110204.exe was just 13MB via http://code.google.com/p/msysgit/downloads/list?can=3