Clone private git repo to remote host using sudo - linux

I would like to run the following command:
ssh -A josh#remote_ip sudo git clone git#github.com:private/private-repo.git /home/ec2-user/private-repo
but I get an error:
Cloning into '/home/ec2-user/private-repo'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The command works when I want to clone into a directory I own (~/private-repo) without sudo. The command doesn't work if I include sudo into a directory I already own.
Since I need to use sudo to write into the other user's directory, how can I get this command to work? Logging in as ec2-user is not a possible solution.

Thank you to #chepner for pointing me in the direction of the issue: my ssh key does not get passed to ~root/.ssh when I use sudo.
To fix this, I used visudo to add this line to my /etc/sudoers file:
Defaults env_keep += "SSH_AUTH_SOCK"
Source

Related

No access to remote repository

I am deploying my node.js app.
I am using git hooks and creating a remote repository.
In the image below you can see that i have added the remote 'adiproduction' to which i will push from my local repo.
Below i am pasting the image of content in post-receive file of hooks.
Following is the error when i try to push my code on 'adiproduction' remote.
ubuntu#35.154.65.179: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Edit:
I tried running the ssh -Tv ubuntu#35.154.65.179 command. And i got the following output.
try to run the code with "sudo"
sudo helps you to run the command with root privilege
and secondly, if you dont want use sudo so please set the ssh key on your git account, this link will helps you to set the ssh key-
'https://www.cyberciti.biz/faq/how-to-set-up-ssh-keys-on-linux-unix/'
and lastly if above solution not helps then please delete the current repository and try to clone again useing following command with ssh clone link-
git clone -b
thank you

Need help cloning a GitHub repository because of public key issues

I am trying to clone a private GitHub repository in a server that I am trying to get up and running on a virtual machine.
No matter what I do, I keep getting the following error:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I have tried a bunch of things. For starters, I made sure that I made my rsa keys correctly by following GitHub's tutorial. I am also sure that my public rsa key found at ~/.ssh/id_rsa.pub was correctly copied over to my GitHub account's ssh keys.
My config file at ~/.ssh/config looks like the following:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
I have tried cloning a public repository and a private repository, and both don't work.
When I go to clone the repository I am executing the following command:
sudo git clone git#github.mit.edu:<GitHub Name>/<Repo Name>.git
If I execute the command without sudo, I get the following error:
fatal: could not create work tree dir '<Repo Name>'.: Permission denied
I am inside of a Python virtual environment when I do all of this. Does that make any difference?
I have been reading Stack Overflow posts related to this matter, but none of them are helping me address my issue.
Any help would be greatly appreciated! Thank you!
You are using sudo so Git is using ssh keys of user root.
To make this work you'd have to call git without sudo.
So when I don't use sudo I get the error fatal: could not create work
tree dir 'cardlearning'.: Permission denied
Make sure current user has write permission in directory you are executing the clone.
You can't clone into existing directory so as a workaround you can:
$ sudo mkdir tmp
$ sudo chown $USER: tmp
$ git clone git#github.mit.edu:<GitHub Name>/<Repo Name>.git tmp/cardlearning
$ mv tmp/cardlearning ./cardlearning
$ rmdir tmp
Check that your user has permissions to write to the directory you are in.
or execute
git clone git#github.mit.edu:<GitHub Name>/<Repo Name>.git ~/myRepo
to place it in the myRepo subdirectory of your home directory.
Do not use sudo to edit your ssh config when using a ~ referenced path, as you may end up editing the root user's ssh preferences and not your users. Likewise do not clone repositories using sudo as it will attempt to connect using the root user's ssh key.

Should we use sudo for git operations?

What is the difference between the following two command lines?
root#superhero:~/Workspace/# sudo git push origin master
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
root#superhero:~/Workspace/# git push origin master
Everything up-to-date
Using sudo causes the command to run as the root user. The Git command uses credentials and configuration stored in the current user's home directory; when you run as sudo, this code is going to be looking at the root home directory, not your home directory and thus miss this context.
In most cases, it should not be necessary to use sudo. There are very few cases where it is required (such as installing software globally such as with apt-get) and when it comes to programming, use of sudo is often but not always an anti-pattern (in order to ensure that source code is hermetic and reproducable, most software should be installed in the repository, not globally).
When you are using sudo in your command. This is the root user that execute the command. The key used to access to your git server are store in a directory (.ssh/). When you run the command in root. The directory is the '.ssh/' of root so not the good one.
Another point, with sudo, this is a user from sudo group that execute the command. So the sudo group does not have access to your.ssh

make git clone with sudo

when I make git clone with ssh from a user prompt it works properly.
git clone ssh://URL.com/soft.git soft_git
the ssh key id_rsa and id_rsa.pub are under /home/user/.ssh
my purpose is the execute git with sudo but I got the following error
Cloning into '/home/user/git/soft'...
Permission denied (publickey,keyboard-interactive).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I create a folder /root/.ssh and I copy the ssh keys into it but I got the same error
how to execute git with sudo properly.
When you run git using sudo, git will run as root. Because git is running as root, ssh is running as root. Because ssh is running as root, it is trying to log on to the remote server as root. The remote server is not okay with this (as it should be!)
You will need to do two things:
Put the username in your URL: ssh://myusername#URL.com/soft.git.
Make your SSH key available to the root user, because it will look under /root/.ssh instead of /home/user/.ssh. (You could also probably point SSH at the correct key, but I don't know how to do this, and SSH is picky about permissions.)
On my computer (Ubunutu 18.04), adding SSH_AUTH_SOCK=$SSH_AUTH_SOCK after sudo and before git fixed the problem:
sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK git clone git#github.com:my-github-account/my-repo.git
Normally, sudo's SSH_AUTH_SOCK environment variable won't be set properly. Executing the git clone with SSH_AUTH_SOCK=$SSH_AUTH_SOCK sets sudo's SSH_AUTH_SOCK environment variable to whatever it is for you.
This way, you don't need to add an extra .ssh dir for sudo with copies of your keys, which is what I think one of the other answers suggests.
The solution is more fully explained in this rather old github gist:
https://gist.github.com/scottjacobsen/4281310
P.S. I'm adding a new answer several years later; I googled a solution to this problem, and this SO Q/A is one of the first things that comes up.
Normally the default remote ssh user is the same as your user name. If you're using sudo this will be root which probably isnt' going to work. You need to supply the remote username.
sudo git clone ssh://username#URL.com/soft.git soft_git
You can generally resolve git ssh issues easier by trying to login to the remote with plain ssh. You'll get better diagnostics and can see what's going wrong.
sudo ssh ssh://URL.com/

Use a git repository on /var/www/html/

I am making a web tool and hosting this project on Github. I want to create a repository on my machine (running linux) being able to easily test it on local.
I can test it without problems on /var/www/html (already have apache and php set up), but I am having trouble creating a repository there. However, if I try to create the repo in ~/Documents/Github/PROJECT_NAME it works perfectly; but I can't test my project from there.
How can I create a repo inside /var/www/html where I can put my project files and run them locally without problems?
I tried to run sudo git init then sudo git clone git#github.com:xxx/xxx.git (that is how I clone my repo on ~/Documents/Github/PROJECT_NAME, so I have already exchanged SSH keys with Github) but it didn't work:
Cloning into 'PrerequisiteVisualizer'...
Warning: Permanently added the RSA host key for IP address '192.30.252.129' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
EDIT: I am able to run without problems
mkdir ~/Desktop/TESTING
cd ~/Desktop/TESTING
git init
git clone git#github....
My question is similar to Attempting to use symbolic link for var/www/html but it still is different.
EDIT2: I think I need to clarify why the thread I cited isnt what I am looking for. I saw the solution proposed there but note that, as long as I understood the other thread, they created a directory in his home (~) and made it accessible locally using the per-user web directories. But this is not what I want to do. I just want to "create a repo inside /var/www/html", not in anywhere else.
The problem isn't strictly with /var/www/html, it's with sudo. If you use sudo to do git, you are running it as a different user, which doesn't have access to your private ssh credentials (nor should it have).
In the other thread you pointed to there's an explanation of per user www directories, which should be one way of solving your problem. If it doesn't, you could amend the question with reasoning why it doesn't.
Update: based on the discussion, you want all content within /var/www/html owned by the user operating git repository. That you should be able to do in the way proposed by #rogerovo in a comment to this answer:
sudo chown -R _currentuser_:www-data /var/www/html && chmod -R g+sw /var/www/html
Permissions for /var/www/html folder needs to be changed.
Kindly run this command sudo chmod o+w /var/www/html to give write access to everyone.
Once run, you should be able to transfer files in /var/www/html folder.

Resources