From a server (A) I launch a script called test.sh which contains this code :
#!/bin/bash
ssh login@server-b.com -p 22 'bash $HOME/tmp/git.sh'
exit 0
So from server (B) another script is launched (called git.sh) and contains :
#!/bin/bash
cd $HOME/tmp
git clone ssh://repo_login@my-repo.com:22/home/scripts
exit 0
But the git clone does not work and I get this error message :
Cloning into 'scripts'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
But from server (B), if I launch the git.sh script manually, it works.
Do you have an idea why?
Thanks
L.
When running a script through ssh, you need to start the ssh-agent, and add your keys before you can connect to another machine.
Script git.sh should be modified as below (assuming your key is in file ~/.ssh/id_rsa):
#!/bin/bash
cd $HOME/tmp
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa
git clone ssh://repo_login@my-repo.com:22/home/scripts
exit 0
Related
I used the following script (autoupdate.sh) to update my git repository automatically using SSH whenever I make a change to the local repository in raspberry pi 3B.
#!/usr/bin/env bash
DATADIR="/home/pi/data"
cd $DATADIR
if [[ -n $(git status -s) ]]; then
echo "Changed found. Pushing changes..."
git add -A && git commit -m "$1: Update files" && git push origin main
else
echo "No changes found. Skip pushing."
fi
Then I call a script measurement.sh that calls the above script whenever the internet is connected ( I used 4G dongle USB). Something like
...
cd ~/data; bash autoupdate.sh $DATE
...
However, when I run sudo bash measurement.sh it encounters errors (it makes the commit but does not push). Without sudo it works fine.
Permission denied(public key)
...
I checked the GitHub document https://docs.github.com/en/github/authenticating-to-github/troubleshooting-ssh/error-permission-denied-publickey by regenerating the SSH key as well as verifying the public key, but it did not solve the problem at all. When I push commits in a separate terminal it works fine, so I do not think the issue relates to the SSH key. I doubt that to run the script successfully with sudo, the SSH key must also be generated with sudo at first.
What could be the reasons for it?
Without sudo it works fine.
So why use sudo in the first place?
As commented, using sudo alone means running commands as root.
At least, a sudo -u <auser> would mean the ~ in cd ~/data would be resolved to the appropriate /home/auser, instead of /root.
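Both failures above come from ssh picking its key through the calling environment (agent socket, HOME), which changes when a script runs over ssh or under sudo. As an added example, not code from either post: a helper that builds a GIT_SSH_COMMAND value tied to an explicit key and a pinned known_hosts file, so the same git command behaves the same from a remote script, cron or `sudo -u`. The function names and the paths in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: make git-over-ssh independent of the agent and of $HOME.

# key_is_private FILE: succeed only if FILE is a regular file that grants
# no permission bits to group or other (ssh itself refuses looser keys).
key_is_private() {
  [ -f "$1" ] || return 1
  case "$(ls -ld "$1")" in
    -???------*) return 0 ;;   # e.g. -rw------- or -r--------
    *)           return 1 ;;
  esac
}

# git_ssh_command KEY KNOWN_HOSTS: print a value for GIT_SSH_COMMAND.
#   IdentitiesOnly=yes        offer only KEY, not whatever an agent holds
#   BatchMode=yes             fail with an error instead of waiting on a prompt
#   StrictHostKeyChecking=yes accept only host keys already in KNOWN_HOSTS
git_ssh_command() {
  local key=$1 known_hosts=$2
  case "$key$known_hosts" in
    *\'*) echo "path contains a single quote" >&2; return 1 ;;
  esac
  key_is_private "$key" || { echo "refusing key: $key" >&2; return 1; }
  [ -s "$known_hosts" ] || { echo "no pinned host keys: $known_hosts" >&2; return 1; }
  printf "ssh -i '%s' -o IdentitiesOnly=yes -o BatchMode=yes " "$key"
  printf "%s -o UserKnownHostsFile='%s'\n" "-o StrictHostKeyChecking=yes" "$known_hosts"
}

# Usage (placeholder paths; run as the account that owns the key):
#   GIT_SSH_COMMAND=$(git_ssh_command /home/auser/.ssh/id_rsa /home/auser/.ssh/known_hosts) \
#     git push origin main
```

With BatchMode=yes a passphrase-protected key that is not loaded in an agent produces an immediate authentication error rather than a prompt the script cannot answer.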
We have a Linux script in our environment which connects over ssh to a remote machine with a common user and copies a script from the base machine to the remote machine through scp.
Script Test_RunFromBaseVM.sh
#!/bin/bash
machines=$1
for machine in $machines
do
ssh -tt -o StrictHostKeyChecking=no ${machine} "mkdir -p -m 700 ~/test"
scp -r bin conf.d ${machine}:~/test
ssh -tt ${machine} "cd ~/test; sudo bash bin/RunFromRemotevm.sh"
done
Script RunFromRemotevm.sh
#!/bin/bash
echo "$(date +"%Y/%m/%d %H:%M:%S")"
Before running the Test_RunFromBaseVM.sh script on the base VM, we run the two commands below.
eval $(ssh-agent)
ssh-add
Executing ./Test_RunFromBaseVM.sh "<list_of_machine_hosts>" gives a permission denied error.
[remote-vm-1] bin/RunFromRemotevm.sh:line 2: /bin/date: Permission denied
Any clue or insights on this error will be of great help.
Thanks.
I believe the problem is the presence of the NOEXEC: tag in the sudoers file, corresponding to the user (or group) that's executing the "cd ~/test; sudo bash bin/RunFromRemotevm.sh" command. This causes any further execv(), execve() and fexecve() calls to be refused; in this case it's /bin/date.
The solution is obviously to remove the NOEXEC: from the main /etc/sudoers file or some file under /etc/sudoers.d, wherever this is defined.
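To locate where the tag is defined, as the answer suggests, here is an added example (not part of the original answer): a scanner that reports every active `NOEXEC:` tag and every `Defaults ... noexec` setting with its file and line number. The function name is an assumption.

```shell
#!/usr/bin/env bash
# Added example: find the sudoers lines that switch noexec on.

# find_noexec FILE...: print "file:line: kind: text" for each active line.
#   kind "tag"     = a NOEXEC: tag on a user/group rule
#   kind "default" = a Defaults line enabling noexec (not the negated !noexec)
find_noexec() {
  local f
  for f in "$@"; do
    [ -f "$f" ] || continue
    awk -v file="$f" '
      /^[ \t]*#/ { next }                       # skip comment lines
      /NOEXEC:/  { print file ":" FNR ": tag: " $0; next }
      /^[ \t]*Defaults/ && /[^!]noexec/ {
                   print file ":" FNR ": default: " $0 }
    ' "$f"
  done
}

# Usage (needs read access to the files, normally root):
#   find_noexec /etc/sudoers /etc/sudoers.d/*
```

Edit the reported file with `visudo -f <file>` so that a syntax error cannot lock sudo out.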
As I wrote in the object, I have some parts of a component I'm writing that have to be used in other projects.
I don't want to use all the component but only the "common" parts.
So, I created a "Common" folder and in it I put all the common files I need to share across projects.
Now, I need to automatically create a subtree split of this folder and push its contents to a read only repository I have on BitBucket.
Just for information: to deal with the authentication part, I've created a new ssh key pair and put the private key in an environment variable: this variable is then used by the bash script to create the file to pass to ssh-add. The public key is set in my BitBucket account.
The problem is that the script seems not to be pushing the split code to the remote read-only repository. While executing all the commands manually works well, I'm not able to make this work in an automated way.
More, as I have never used bash to write script, I'm sure there are a lot of errors in it and that it can be deeply refactored to be better.
Following the code of the script:
#!/usr/bin/env bash
cd ~/src/bitbucket.org/Aerendir/component-remotes/
echo "> Current working directory: $PWD"
echo '> Creating the key file'
printf %q -v "$ssh_component_remotes_common_key" > bitbucket_key
chmod 400 bitbucket_key
ls ~/src/bitbucket.org/Aerendir/component-remotes/
echo '> Adding the identity for bitbucket.org to config'
cat <<EOT >> ~/.ssh/config
Host bitbucket.org
IdentityFile ~/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key
EOT
cat ~/.ssh/config
echo '> Adding the key to SSH agent'
eval "$(ssh-agent -s)"
/usr/bin/expect <<EOF
spawn ssh-add ${HOME}/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key
expect "Enter passphrase for key '/home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key':"
send "$ssh_component_remotes_common_pass";
interact
EOF
echo -e '\n > Creating the subtree repository'
mkdir _component-remotes-common
cd _component-remotes-common
git init --bare
git remote add origin git@bitbucket.org:Aerendir/component-remotes-common.git
/usr/bin/expect <<EOF
spawn git remote show origin
expect "Enter passphrase for key '/home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key':"
send "$ssh_component_remotes_common_pass";
interact
EOF
echo -e '\n > Splitting in the subtree repository'
cd ../
echo "> Current working directory: $PWD"
git subtree split --prefix=src/Remotes/Common -b split
git push _component-remotes-common split:master
echo '> Pushing to the remote repo'
cd _component-remotes-common
echo "> Current working directory: $PWD"
/usr/bin/expect <<EOF
spawn git push origin master
expect "Enter passphrase for key '/home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key':"
send "$ssh_component_remotes_common_pass";
interact
EOF
echo "$expect_out(0, string)"
And this is the output:
> Current working directory: /home/rof/src/bitbucket.org/Aerendir/component-remotes
> Creating the key file
bin composer.json docs phpunit.xml.dist src
bitbucket_key composer.lock log readmegen.yml tmp
CHANGELOG.md CONTRIBUTING.md phpdoc.xml.dist README.md
> Adding the identity for bitbucket.org to config
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
ServerAliveInterval 3
ServerAliveCountMax 600
Host bitbucket.org
IdentityFile ~/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key
> Adding the key to SSH agent
Agent pid 5919
spawn ssh-add /home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key
Enter passphrase for /home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key:
> Creating the subtree repository
Initialized empty Git repository in /home/rof/src/bitbucket.org/Aerendir/component-remotes/_component-remotes-common/
spawn git remote show origin
Warning: Permanently added 'bitbucket.org,104.192.143.2' (RSA) to the list of known hosts.
Enter passphrase for key '/home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key':
> Splitting in the subtree repository
> Current working directory: /home/rof/src/bitbucket.org/Aerendir/component-remotes
Created branch 'split'
490b1f471932a308075c568f21c36bab5f102818
Counting objects: 8, done.
Delta compression using up to 36 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (8/8), 667 bytes | 0 bytes/s, done.
Total 8 (delta 0), reused 5 (delta 0)
To _component-remotes-common
* [new branch] split -> master
> Pushing to the remote repo
> Current working directory: /home/rof/src/bitbucket.org/Aerendir/component-remotes/_component-remotes-common
spawn git push origin master
Warning: Permanently added 'bitbucket.org,104.192.143.3' (RSA) to the list of known hosts.
Enter passphrase for key '/home/rof/src/bitbucket.org/Aerendir/component-remotes/bitbucket_key': (0, string)
It seems to work until the push: at that point, I receive no other output. Obviously the remote repo remains empty but I don't know what the problem is as I don't receive any error as output.
I've been working on this script for about 5 hours and I'm very jaded: any help is greatly appreciated to make this work! Thank you...
I have a script that I would like to have do a git pull inside another user's git directory. This script is run by the root user. For example:
cd /home/username/GitProject
sudo -u username -i git pull
When I run this, I get:
fatal: Not a git repository (or any of the parent directories): .git
Is there a way to have my script do a git pull as username?
Try without the -i option to sudo. That option is documented as first changing to the target user's home directory, which undoes the directory change you so carefully do before that. Alternatively, use the appropriate options to git to specify the directory, something like this:
sudo -u username -i git --git-dir=/home/username/GitProject/.git --work-tree=/home/username/GitProject pull
This can be done without sudo. This assumes you have password-less ssh keys since you are talking about a script. Here's the failure:
# git clone <user>@<host>:/path/to/repo
Cloning into 'repo'...
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This shows that ~ properly expands to the user's homedir:
# MYUSER=somebody
# su - $MYUSER -c "echo ~"
/home/somebody
And here's the actual command used to clone into the home directory along with some extra proofs:
# su - $MYUSER -c "git clone <user>@<host>:/path/to/repo"
Cloning into 'repo'...
remote: Counting objects: 13, done.
<..>
# ls -l /home/$MYUSER/repo/.git/config
-rw-r--r-- 1 somebody somebody 275 Nov 8 23:55 /home/somebody/repo/.git/config
# su - $MYUSER -c "cd ~/repo; git remote -v"
origin <user>@<host>:/path/to/repo (fetch)
origin <user>@<host>:/path/to/repo (push)
# su - $MYUSER -c "cd ~/repo; git pull"
Already up-to-date.
I connect over ssh to a distant machine using this in my ~/.ssh/config:
Host myserver
User myusername
ProxyCommand ssh myserver2 exec nc myserver 22
But when I try to pull the remote git repository, I obtain this error:
% git pull myserver:~/mygitrepository
zsh:1: command not found: git-upload-pack
fatal: The remote end hung up unexpectedly
The problem is that my git executable files are not in standard path defined by $PATH. On the remote machine:
% which git-upload-pack
/c5/shared/git/1.7.6/bin/git-upload-pack
and on the local machine:
% ssh myserver "env | grep PATH"
PATH=/usr/local/bin:/bin:/usr/bin
ssh doesn't read the remote PATH definition in .zshrc or .bashrc. How can I define the PATH to git executable files over ssh?
Actually I've found my answer here. One solution is to set the upload-pack path in the remote using :
git pull --upload-pack=/c5/shared/git/1.7.6/bin/git-upload-pack myserver:~/mygitrepository
in the client.