I'm trying to set up a scheduled Subversion commit from Windows Server 2003 machine over SVN+SSH as a task. I'd like the commit script to be executed as SYSTEM-user. So I'm guessing, for that to work I need to check-out the repository as SYSTEM, too - but am unable to achieve it so far.
I'm already able to achieve the above with my own user over SSH. I've done the following:
I added a [tunnels] entity in my local subversion configuration:
ssh = plink.exe -i "C:/Keys/my_key.ppk"
Added the key to the authorized_keys file on the server running Subversion
I checked out the repository with a script as below:
svn co svn+ssh://user#server/path/to/repo/ C:\Local\Project\Path
I'd now like to reproduce the above steps for SYSTEM user, to be able to run a scheduled commit later. The problem I'm facing is I don't know how to check out the repository as SYSTEM, because:
I don't know the syntax to use to check out a repository as SYSTEM
I don't know where the global (or SYSTEM's) Subversion config is stored on a Windows Server 2003. I've already tried: C:\Documents and Settings\Default User\Application Data\Subversion and C:\Documents and Settings\Administrator\Application Data\Subversion, but without success.
I also read somewhere I possibly could use svn switch for what I want, but wouldn't know how to svn switch as SYSTEM. I also considered writing scripts for svn check-out or switch and running them as SYSTEM, but then I still need global SVN config to add my_key.ppk, too.
I hope the above description is clear enough. I've been struggling with it for a long time now and am having problems summarizing it myself. Any hints appreciated.
As a side, that doesn't seem to be totally off-topic: https://serverfault.com/q/9325/122307
This is not a real answer to your question, yet it might solve your problem: Why not use svn <command> --config-dir ARG or svn <command> --config-option ARG?
You could specify the config file/option like this, thus being able to set [tunnels].
#cxxl really answered on question, when mentioned --config-dir. I'll just try to shed some light on problem
I'm guessing, for that to work I need to check-out the repository as SYSTEM
Wrong and bad guessing, because stored locally user's auth data doesn't used in case of SSH-auth, for ssh remote authentication performed. Per-user auth-dir
\%AppData%\Subversion\auth>dir /W
...
[svn.simple] [svn.ssl.client-passphrase]
[svn.ssl.server] [svn.username]
...
contain stored credentials only for http|https|svn and cert-based client authentication, and nothing for ssh-related repositories
I.e your executed under LSA script must be able to
* read Working Copy files (checkouted under any other real local user), maybe write (can't recall requirement for .svn dir permissions)
* read and, thus, use predefined and fine-tuned Subversion's config files (tunnel section), which can be config of any other user
PS: swn switch change linked URL of repository for Working Copy and have nothing common with users
Related
I am trying to set up a git repository on our Windows server.
I installed OpenSSH for Windows and Git for Windows.
The OpenSSH server runs on port 2345 to filter out generic bots.
I created a bare and shared repository on C:\git\protocolrepo.git
I couldn't reach it with the URL:
ssh://User#domain#server.com:2345:C:/git/protocol.git
It seems to me to be a malformed URL but everywhere I look on the web I get this, but it just doesn't work.
As I found out in this thread: https://github.com/PowerShell/Win32-OpenSSH/issues/895, the shell might be the cause, so I set the powershell as the default shell of OpenSSH.
This didn't work either and I still needed to use this oddly formed URL.
So I installed Cygwin and set the Cygwin bash as the default shell, and used a more appropriately formed url:
ssh://User#domain#server.com:2345/cygdrive/c/git/protocol.git
I had a little bit more success with this, but it now states the following error message:
fatal: '/cygdrive/c/git/protocol.git' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
The access rights should be fine as I make use of the same user alltogether, but I'm not 100% sure how this works on Windows.
I'm not sure either how Git/ssh handles this path on Windows.
On a Linux based server this worked just fine with /git/protocol.git path.
Pushing a new branch to a bare repository is something I haven't done in a while either so that also might be done wrong here, but I can't recall it to be an issue.
What would you recommend to debug this issue?
I would start by checking if an interactive SSH session works, before considering using a Git repo SSH URL.
ssh -p 2345 User#domain#server.com
If it does, try and access /C/git/protocol.git in that interactive shell.
If that works, then try for your git commands the URL
ssh://User#domain#server.com:2345/C/git/protocol.git
# or
ssh://User#domain#server.com:2345/c/git/protocol.git
Background
I have a system where when I push changes to my Repository, A web hook sends a request to my site which runs a bash script to pull the changes and copy any updated files.
I added a second repository with its own deploy key but after doing so i was getting a permission denied error when trying to pull changes.
Question
Is there a way to use 2 deploy key's on the same server?
Environment Details
Site uses Laravel 5.6, Symfony used to run shell script
Git 1.7
Go Daddy web hosting (Basic Linux one)
Notes
Script just runs git pull command
Error given is " Permission denied (publickey) "
SHH is used as a deploy key so only read access, there is one other project also using a deploy key on the same server
Thank you in advance for you help! Any other suggestions are welcome!
Edit #1
Edited post to reflect true problem as it was different to what I though (Feel free to revert if this is bad practice), please see answer below for details and solution
What i though was an issue with authentication what actually an issue with the git service not knowing which ssh key to use as i had multiple on the server.
The solution was to use a config file in the .ssh folder and assign alias to specify which ssh key to use for git operations in separate repositories.
Solution is here: Gist with solution
This gist explains the general idea, it suggests using sub-domains however a comment further down uses alias which seems neater.
I have now resolved the issue and the system is working fine with a read-only, passphrase-less deploy key.
This can be done by customizing the GIT_SSH_COMMAND. As ssh .config only gets the host, you have to create aliases to handle different paths. Alternatively, as the git CLI sends the path of the repo to the GIT_SSH_COMMAND, you can intercept the request in a custom script, added in between git and ssh.
You can create a solution where you extract the path and add in the related identity file, if available on the server.
One approach to do this can be found here.
Usage:
cp deploy_key_file ~/.ssh/git-keys/github-practice
GIT_SSH_COMMAND=custom_keys_git_ssh git clone git#github.com:github/practice.git
I installed Git for Windows in order to clone and pull a project hosted on a remote Linux server.
In my repository (D:/repositories/my-project) I launch the following commands
git clone server#192.168.56.101:/var/www/web/my-project/.git
git pull origin master
So far so good. I pull the project files whenever modifications are applied on the server.
But now I'd like to pull or push from the remote server to my local repository.
I tried many things but I can't figure out how to access the repository located on my local machine.
Things like:
git pull duddy#my-pc:/d/repositories/my-project/.git master
just doesn't work, Git says:
ssh: Could not resolve hostname my-pc: Name or service not known
fatal: Could not read from remote repository.
Can someone helps me ?
First things first, I would recommend you try simply running git pull.
If this doesn't work, try running git remote -v and check to make sure that the URL for your server is listed as an origin (server#192.168.56.101:/var/www/web/my-project/.git).
Your issue is that you are inputting the URL for your local repository in your attempt to git pull.
I suggest reading the git-pull documentation to learn more about how pull works.
Basically, you need to have some service at your workstation which serves the requests. There are following options (I did not try most of them myself, just making it up from what I know):
use the windows file access. This is the easiest to setup at the windows workstation - just share the repository folder. The Linux side should somehow be able to mount windows shares (like described, for example, here: https://wiki.ubuntu.com/MountWindowsSharesPermanently). If you manage to mount your \\my-pc\repo to some /mount/my-pc-repo, then you can access it as file:///mount/my-pc-repo.
run git daemon at windows. Set up instructions are available at SO (for example, https://stackoverflow.com/a/2275844/2303202) and it pretty straightforward, but it does not have any authentication and in most cases it is reasonable to use it only for reading, so you will not be able to push to the workstation, only fetch.
set up ssh daemon and access through ssh authentication with read-write access. Git for windows installation contains the needed software (the sshd.exe binary, it is there at least for Git for Windows 2.6.0), probably there is a way to utilize it but I could not find it quickly.
set up HTTP(S) service at your workstation. I don't know if it is possible to do only with Git for Windows (it might be, with some perl module which happen to be included with it), or you should use some other software.
i'm trying to set up a git server on Windows, but i'm having some issues getting it all to work.
I have locally created a normal repository, and remotely i created a bare repository. On the local repository i added a single text file and committed it, but when I try to push it into the remote repository I always get the following message:
fatal: protocol error: bad line length character: fata
I searched SO and other sources, and most of them suggest it's an issue regarding command echos. I'm using freeSSHd as a SSH solution (remote repository is hosted on a windows server), and I tried to use both the git bash and the windows CMD as a command shell.
I start CMD with /Q to disable echoing and /K to change directory to a directory where repositories are located, so I don't think that would be a problem.
Using the remote desktop, i can clone the repository to a folder next to it, and using the git bash locally i can access the SSH shell and also clone the repository in the same way. But using git clone ssh://<address>:/myRepo.git I always get the above message (The SSH's working folder is the same where the repository is located). Does anyone have any idea what's going on? How can I see what command is triggering the error, and how can I see the full error message?
I also met the same error using freeSSHd as a ssh solution for git server on Windows. I couldn't find a solution for a whole day and gave up. :(
Later I found another powerful ssh server from Bitvise called WinSSHD worked well. It has free version for personal use. I suggest you to switch to it. Though I'd also like to know if there's a fix to the error we both met.
To setup ssh server with WinSSHD is quite simple, and you can add virtual accounts with private/public key access.
The key part is to setup the ssh access for git server. Please follow the steps of the blog here.
It should work well for Windows git client. For Mac, you may meet an error as follows.
grp.sh: No such file or directory
fatal: Could not read from remote repository.
To fix it, you need to create the two files gup.sh and grp.sh in your git bin directory (GIT_PATH/bin or GIT_PATH/libexec/git-core configured in system environment variable PATH) in your git server.
The content of gup.sh:
git-upload-pack.exe $*
The content of grp.sh:
git-receive-pack.exe $*
Before anybody shoots me down for this - I have already checked every appropriate thread and still not found a solution to my problem.
I have Hudson with git plugin installed on windows server (not my choice) and Hudson runs as a service. Git/bin is on the path. However I cannot clone the repository. Here is a shortened display of the console output:
Started by user anonymous
Checkout:workspace / C:\.hudson\jobs\sdf\workspace - hudson.remoting.LocalChannel#65394b
Last Built Revision: Revision 74200b32314231a5efdadd87bf36b42ec145c720 (origin/master)
Checkout:workspace / C:\.hudson\jobs\sdf\workspace - hudson.remoting.LocalChannel#65394b
Fetching changes from the remote Git repository
Fetching upstream changes from ssh://git.mccannlondon.co.uk/git/mccann_admin
[workspace] $ "C:\Program Files\Git\bin\git.exe" fetch -t ssh://git.mccannlondon.co.uk/git/mccann_admin +refs/heads/*:refs/remotes/origin/*
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 f1:48:2a:0a:d9:18:cf:2e:f2:8c:b3:25:7f:34:d5:34
Connection abandoned.
fatal: The remote end hung up unexpectedly
ERROR: Problem fetching from origin / origin - could be unavailable. Continuing anyway
So it seems I need to authenticate the host however I'm not sure why hudson is starting the job as user anonymous when I have set the Administrator as owner of the hudson service.
Does anyone know:
a) how to change hudson's run user? or
b) connect to the remove computer with the same user account as hudson uses as to allow hudson to fetch?
If this has been posted before apologies but I spent a good few hours searching around and couldn't find anything.
Thanks
Lewis
This may be related to the question Git, Can’t clone repo on windows
The problem is that MSysGit starts PLink in the background, i.e. the terminal is not actually connected to the input of PLink. That means that you simply can't type anything into PLink.
You simply have to connect to the server once using PLink or PuTTY, answer Yes and from then on, you won't be asked again.
The tutorial from cletus can be helpful as well.
A good description of the issue can be found in this blog entry
the problem is that Hudson is a service and runs under the user "Local Service Account".
The next step is to add the trace manually the cache (a file) because I know you can do in Linux.
Wrong again, Windows does not have this cache as a file but uses the registry.
Searching in the register found an entry for my user (who had previously accessed the repository and added to the cache footprint) where the trace was stored and copied to HKEY_USERS so that users can access it.
The entry goes like this:
Key Name: HKEY_USERS\.DEFAULT\Software\SimonTatham\PuTTY\SshHostKeys
Class Name: NO CLASS
Last Write Time: 23.01.2009 - 18:35
Value 0
Name: dss#22:bla_bla.com
Type: REG_SZ
Data: 0xb477b...
From the command line, you can easily add the key as follows:
reg add HKEY_USERS\.DEFAULT\Software\SimonTatham\PuTTY\SshHostKeys /v dss#22:bla_bla.com /d 0xb477b...
Now Hudson, run as a service, go happily and smoothly to the repository where the code.
The 'started by anonymous' is telling you which Hudson user started the job. If you haven't created any Hudson users, then everything is started by 'anonymous'
It is not related to which OS user is executing the process.
You asked how to change the user that Hudson runs as: you need to edit the service (Control Panel->Administrative Tools->Services, double click the Hudson service and change the "Log On" to "This account").
Once the account is setup I make sure that the git server is in MINGW's (Git Bash's) ~hudson/.ssh/known_hosts, and that there's a ~hudson/.ssh/identity file in place. The only warning I have is that if you have cygwin installed on the box you need to make sure that %CYGWIN% is empty, otherwise you'll see key permission errors in the Hudson logs. My recommendation is that you simply set the CYGWIN environment variable to empty in Hudson.
I meet the same problem and after check git plugin, http://wiki.hudson-ci.org/display/HUDSON/Git+Plugin
It is stated to change the git path to /usr/bin/git in Global setting and config the git username
And it fixes my problem
Hope it works for you as well, by the way, I use ubuntu, but it should be the same