I inherited a deployment system that is currently broken and I'm at a loss as to how to fix it.
The basic setup is adding 3 keys to ssh-agent and pulling a few private repos from GitHub via the Go deployment software from ThoughtWorks.
I seem to need to have one ssh-agent running that can be accessed by multiple user accounts.
I've started an ssh-agent and added the keys to it and then I was able to clone private repos from the command line without issue, but when the main application (which is using the same user account) tries to clone, it fails with a permission denied error.
My guess is that the ssh-agent that is holding the keys is not accessible to the application for some reason.
Here are the instructions that I have:
export SSH_AUTH_SOCK=/var/go/ssh-agent.sock
ssh-add ~/.ssh/go_deploy_id_rsa
ssh-add ~/.ssh/go_id_rsa
ssh-add ~/.ssh/deploy_id_rsa
When I set the SSH_AUTH_SOCK environment variable it seems to kill any ssh-agent that is/was running and when I issue the ssh-add command I get the classic:
"Could not open a connection to your authentication agent."
So basically how do I start ssh-agent AND have it use the SSH_AUTH_SOCK I defined earlier and stay running so that the Go application uses it when it communicates with GitHub?
This used to work so I know that the setup is technically valid.
SOLVED: It turns out the ssh-agent socket that I was using was stale. Deleting the socket and re-creating it allowed the keys to be added and communication worked again.
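The stale-socket fix from the SOLVED note, as an added example that is not part of the original post: it checks whether anything still answers on the socket path from the question, removes the path only when it is a dead socket, and binds a fresh agent there with ssh-agent -a. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The socket path is the one in the
# question; agent_socket_state and ensure_agent are hypothetical names.

# Print one of: missing | not-socket | stale | live | unknown
agent_socket_state() {
    sock="$1"
    if [ ! -e "$sock" ]; then echo missing; return 0; fi
    if [ ! -S "$sock" ]; then echo not-socket; return 0; fi
    # ssh-add -l exits 0 (keys listed) or 1 (agent answered, no keys loaded);
    # exit 2 means nothing answered on the socket, i.e. it is stale.
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0|1) echo live ;;
        2)   echo stale ;;
        *)   echo unknown ;;   # e.g. ssh-add is not installed
    esac
}

# Make sure a live agent is bound to the given path; never delete a non-socket.
ensure_agent() {
    sock="$1"
    case "$(agent_socket_state "$sock")" in
        live)    return 0 ;;
        stale)   rm -f -- "$sock" ;;
        missing) ;;
        *)       echo "refusing to touch $sock" >&2; return 1 ;;
    esac
    # -a binds the agent to a fixed path; eval sets SSH_AUTH_SOCK and SSH_AGENT_PID.
    eval "$(ssh-agent -s -a "$sock")" >/dev/null
}

# Usage, run as the account the deployment process runs under:
#   ensure_agent /var/go/ssh-agent.sock && export SSH_AUTH_SOCK=/var/go/ssh-agent.sock
#   ssh-add ~/.ssh/go_deploy_id_rsa ~/.ssh/go_id_rsa ~/.ssh/deploy_id_rsa
```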
Related
From one of my hosts I can authenticate with ssh to GitHub, from another I cannot git@github.com: Permission denied (publickey).
I was having some issues from my Mac creating a new repo and pushing to it, I always got a permission denied error. However from my Linux host it worked fine.
I checked the repos for deploy keys (in case this was causing the issue), none of my repos had a deploy key set.
I checked the keys on GitHub and there was only one ssh key installed. I deleted this key and tested, as expected the repos from the Linux host could not connect, yet the Mac could still connect.
From the Mac:
ssh -T git@github.com
Hi mcdent/blog1! You've successfully authenticated, but GitHub does not provide shell access.
bash-3.2$
From Linux:
[mike@docker1 doing]$ ssh -T git@github.com
git@github.com: Permission denied (publickey).
[mike@docker1 doing]$
I'm puzzled as to how the Mac is still authenticating? I likely did have a repo called blog1 in the past but I certainly don't now.
Ideally I'd like to have a single key used on GitHub, which I can use with both my Linux and MacOS hosts.
Any pointers very welcome.
I'm puzzled as to how the Mac is still authenticating?
Then try a ssh -Tv git@github.com.
You will see which key file is accessed and used for this authentication.
It should be a private key whose public key is registered to your account.
Check your environment variables or git config --global / git config --system -l for anything including blog1.
I followed this link https://docs.gitlab.com/ee/ci/ssh_keys/README.html#ssh-keys-when-using-the-shell-executor to install SSH key using shell executor.
All the steps were running fine, but at the final step, when I tried to log in to the remote server in order to accept the fingerprint
by this script ssh gitlab-runner@myserver.com
I receive the following error
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I added the ssh public key in settings >> sshkey
and also added it into variables as SSH_KNOWN_HOSTS
I couldn't find what the issue is, could you help me, thanks
Try a ssh -Tv gitlab-runner@myserver.com in order to check which exact key and paths are considered when trying to read the remote server.
That will give you a clue why the connection fails, when you compare those paths with the ones set up when you inject an SSH key into your build environment by extending your .gitlab-ci.yml.
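Both answers above that suggest ssh -Tv rely on reading the debug output for the key that was offered and accepted. As an added example, not part of either answer, this filter reduces that output to one line per key event; the sample log is constructed, uses the wording of recent OpenSSH clients, and its paths and fingerprints are placeholders.

```shell
#!/bin/sh
# Added example. Constructed sample of `ssh -Tv user@host` client debug output.
sample_log() {
cat <<'EOF'
debug1: identity file /home/me/.ssh/id_rsa type 0
debug1: identity file /home/me/.ssh/id_ed25519 type -1
debug1: Will attempt key: /home/me/.ssh/old_key RSA SHA256:constructedAAAA agent
debug1: Will attempt key: /home/me/.ssh/id_rsa RSA SHA256:constructedBBBB
debug1: Offering public key: /home/me/.ssh/old_key RSA SHA256:constructedAAAA agent
debug1: Server accepts key: /home/me/.ssh/old_key RSA SHA256:constructedAAAA agent
debug1: Authentication succeeded (publickey).
EOF
}

# Read debug output on stdin; print "<event> <source> <path> <fingerprint>".
# <source> is "agent" when the key came from ssh-agent, otherwise "file".
# Assumes key paths without spaces.
summarize_keys() {
    awk '
        function report(what, path, fp, last) {
            printf "%s %s %s %s\n", what, (last == "agent" ? "agent" : "file"), path, fp
        }
        /^debug1: Offering public key: / { report("offered",  $5, $7, $NF) }
        /^debug1: Server accepts key: /  { report("accepted", $5, $7, $NF) }
    '
}

# Print the path of the key the server accepted; exit 1 if none was accepted.
accepted_key() {
    summarize_keys | awk '$1 == "accepted" { print $3; found = 1 } END { exit !found }'
}

# Real use: ssh -Tv git@github.com 2>&1 | summarize_keys
```

A key reported with source "agent" is being supplied by a running ssh-agent, which is where to look when a host keeps authenticating after the expected key file was removed.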
I am attempting to write a generic command-runner in Node.js - however that's not massively important.
My setup is as follows:
I have a list of string commands that are executed using child_process.exec one after the other.
I want to run git from one of these commands, specifically a pull.
The location I am pulling from requires SSH authentication. HTTPS is not an option.
My private key is passphrased.
I am currently using keychain to manage ssh-agent.
When running git pull from the command line, it succeeds. When running my application as the logged-in user, it succeeds. However, when running my application using forever, it fails.
The error I receive is Permission denied (publickey).. I have tried calling keychain as part of my command, but I cannot get it to recognise the credentials.
How can I fix this?
My mistake was taking the contents of .bash_profile and using that to set up keychain from my exec.
What I needed to do was:
. $HOME/.keychain/$HOSTNAME-sh; git pull
I found this out by looking up examples of how to use keychain with bash scripts.
[SSH] "Could not open a connection to your authentication agent" error
I am trying to add ssh keys into my ssh agent. I start by making sure that the ssh-agent is running.
exec ssh-agent bash
I make sure that ssh-agent is running.
ps axu | grep [s]sh
and get the following
root 1562 ... ssh-agent bash
The env variables are set correctly.
SSH_AGENT_PID=1562
SSH_AUTH_SOCK=/tmp/ssh-699iHAxuK4xX/agent.1561
However when I try to add the private key using
sudo ssh-add ~/.ssh/peter-key
I get the ssh error
Could not open a connection to your authentication agent.
I have tried the suggestions on stackoverflow and serverfault but nothing.
Note: I am running a Linux machine on one of the free tier AWS machines with Ubuntu. My instance's security group allows (temporarily) all incoming and outgoing ssh connections from any IP address. Anyone know what the error could be?
Just use
ssh-add ~/.ssh/peter-key
...not...
sudo ssh-add ~/.ssh/peter-key
Using sudo (optionally/configurably, but typically) clears a number of environment variables, including the ones you just verified were set. (Compare output of sudo env and plain env to see this effect).
If you must use sudo to read the key, then you can ensure that the necessary environment variable is set on the other side by doing so explicitly yourself:
sudo env "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" ssh-add ~/.ssh/peter-key
However, it's possible for security-sensitive programs working with UNIX domain sockets to check the ownership and permission of software on the other end of that socket, and to refuse to communicate with anything running on a user account different from what they expect, so it's possible that this approach may not be future-proof against security features added to ssh-agent.
I installed GitLab on my Ubuntu successfully (gitlab.domain.com), on a client PC I installed Git (Windows 7), then ran Git Bash to generate SSH keys with command: ssh-keygen -t rsa -C "username@domain.com" to create private/public keys on C:\Users\AccountName.ssh
Then, add public key to profile on installed gitlab. Then can clone/push on Git Bash.
However, I can not reproduce this on other PCs, I tried some PCs, created new users, new ssh keys...
but always encounter that error "The remote end hung up unexpectedly", sometimes can clone but also get that error when pushing.
I can only clone/push on first PC. I'm so confused, don't know what I missed. I'm trying to get my team on Git
Thanks a lot for any advice
Make sure you are pointing it at the correct git server. Also - login on your Jenkins server (Under the jenkins user) and ssh to git@your-git-server and make sure to select 'yes' to add the server to your known hosts.
I had the same error and it was an access-level problem:
my user only had guest access to my project so it wasn't able to clone it. I changed the access level to developer and it solved my problem.