I can successfully execute git pull in linux command line on my VPS, but when I execute a bash file containing "git pull" with execFile in Nodejs, it gave me an error: Command failed: Host key verification failed. How can I solve this problem?
Update:
The whole error message I get is:
{ [Error: Command failed: Host key verification failed. fatal: Could not read
from remote repository. Please make sure you have the correct access rights
and the repository exists. ] killed: false, code: 1, signal: null }
It seems that it's not the same problem with the question dylants provided.
The bash file script is like this, I use it to auto deploy my nodejs app:
git pull && pm2 reload www
I am using ssh protocol instead of https protocol on my vps in order to prevent the password prompt each time I git pull from my bitbucket repository. So ssh keys were generated in my user directory ~/.ssh/. I think the reason why nodejs failed to execute the bash file is this: The user who run the bash file in nodejs app is different from the user who run the bash file in command line. so the user running nodejs can't use the ssh keys located in ~/.ssh for verification.
Is that right? How to fix it?
I think you have correctly identified the problem: the nodejs application does not have access to your ssh credentials. You have a few options available:
If you can make the repository available for anonymous read-only access via http:// or git:// protocols, you can have the nodejs pull changes without requiring any sort of credentials.
You can generate an ssh key for the nodejs user and grant that user read-only access to the repository. You would just need to generate an ssh keypair in the appropriate location for that user.
You could drop your own credentials where your nodejs app can make use of them, but this has a number of security problems -- if your webapp is compromised, the attacker can write changes to your repository that will appear to come from you. So don't use this option.
Related
I followed this link https://docs.gitlab.com/ee/ci/ssh_keys/README.html#ssh-keys-when-using-the-shell-executor to install SSH key using shell executor.
all the steps were running fine but at the final step when I tried to log in to the remote server in order to accept the fingerprint
by this script ssh gitlab-runner#myserver.com
I receive the following error
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I added the ssh public key in settings >> sshkey
also add it into variables as SSH_KNOWN_HOSTS
I couldnt find what is the issue , could you help me , thanks
Try a ssh -Tv gitlab-runner#myserver.com in order to check which exact key and paths are considered when trying to read the remote server.
That will give you a clue why the connection fails, when you compare those paths with the ones set up when you inject an SSH key into your build environment by extending your .gitlab-ci.yml.
I'm trying to push my project on git to my remote Linux server from my local Windows PC.
I have no issues connecting to my server through SSH when I use PuTTY. But PuTTY is only for the remote server, and doesn't let me look in my own local pc - so I can't access my git repository to push from.
Instead I've been trying with Git Bash, where I go to the repository(master) of my git project, and then attempt "git push production master". Receiving "Permission denied (publickey)" in response in Git Bash.
I have loaded by private key from my user/.ssh folder on local pc, using PuTTYgen, copy/pasted the public key it shows into my Github account's SSH-keys.
This is the same key that I use for connecting with PuTTY(which works).
If I use "git remote -v" in Git Bash, I receive what is the correct url for the server:
"
production ssh://notacop#mafiauniversedata.com/var/repo/site.git (fetch)
production ssh://notacop#mafiauniversedata.com/var/repo/site.git (push)
"
"notacop" is the admin user I made instead of root, which is also the one that I use in PuTTY.
If I attempt "ssh notacop#mafiauniversedata.com" in Git Bash I also receive the "Permission denied (publickey)" response. So seemingly the issue is related to the publickey that Git Bash uses, as it can't connect at all.
My user/.ssh folder contains:
digitalocean_private_key (is the one PuTTY uses/the one generated by PuTTYgen) + digitalocean_public_key
github_rsa + github_rsa.pub
id_rsa + id_rsa.pub
known_hosts
I feel like I've set things up in accordance with the general guidelines, and it does work in PuTTY, so the issue must be related to Git Bash and how Git Bash establishes ssh connection.
But I'm fairly clueless about how to fix the issue, and haven't been able to find a solution from searching. My guess is that it's something fairly simple, but I've been stuck on this for a couple weeks now, not getting anywhere because of it.
Any answers that can lead me in the right direction will be highly appreciated!
If anything about my question is unclear, or you need more information to answer, please let me know.
I don't know why Git Bash's own ssh doesn't seem to work for you,
but I have a better recommendation: make Git Bash use PuTTY, by setting the GIT_SSH environment variable to the path of plink.exe (that's not a typo, it's not putty.exe, but another executable that comes with the zip of PuTTY tools).
The main advantage and reason to do this is so that Git Bash can benefit from pagent.exe, the key manager of PuTTY.
So that you can enter your passphrase once,
when adding your private key to Pagent,
and then you don't need to re-enter it every time you perform remote operations in Git Bash.
I have configured Jenkins on a Linux machine and my git repo is on an another Linux server. But when I try to give the URL of the repo to Jenkins I get the following error.
Failed to connect to repository : Command "git -c core.askpass=true ls-remote -h ssh://user#ip/~/export1 HEAD" returned status code 128:
stdout:
stderr: Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
What could be the cause for this?
I have seen that both the systems' rsa key is present in each other's .ssh/known_hosts folder.
I am able to pull or clone code from the repo to a folder in Jenkins system as well. So why is Jenkins not able to take it?
I have also tried the URL user#ip:/fullpath/to/repo
You need to make sure Jenkins is running as the right user (the one who has the keys in ~/.ssh/id_rsa(.pub)
That user might not be the same as the one used in the ssh url: user#ip means you are connecting to ip using an account which has your public key in ~user/.ssh/authorized_key.
So the Jenkins process must be run by an account which has the private and public key, whose public key is in ~user/.ssh/authorized_key on the git server side.
And that account should have done (only once) an ssh-keyscan -H ip >> ~account/.ssh/known_hosts before any ssh attempt, in order to record the git server ip as a known host.
Does it being a bare repo make any difference or change in the URL?
No. The .git at the end of the bare repo folder is optional when used as an url.
Further to #VonC's reply, you can also use the Credentials plugin to define a set of credentials on your Jenkins master that your Jenkins job uses to access your Git repo. This allows you to run Jenkins itself as a different user from there one that has access to the Git repo.
The main problem was the security of the systems. I hadnt checked the authentication mechanisms on my server. The password authentication to the git server was causing the problem because the jenkins machine tries to directly fire a ls-remote to the path. When you do the same thing on the terminal you will be prompted for a password and then itl accept. When I set the password authentication and UsePAM to no and enabled the RSA authentication, pubkey authentication and authorised key setting to yes in the sshd_config file, and restarted, it was able to access the repo and I dint get this error.
I am attempting to write a generic command-runner in Node.JS - however that's not massively important.
My setup is as follows:
I have a list of string commands that are executed using child_process.exec one after the other.
I want to run git from one of these commands, specifically a pull.
The location I am pulling from requires SSH authentication. HTTPS is not an option.
My private key is passphrased.
I am currently using keychain to manage ssh-agent.
When running git pull from the command line, it succeeds. When running my application as the logged-in user, it succeeds. However, when running my application using forever, it fails.
The error I receive is Permission denied (publickey).. I have tried calling keychain as part of my command, but I cannot get it to recognise the credentials.
How can I fix this?
My mistake was taking the contents of .bash_profile and using that to set up keychain from my exec.
What I needed to do was:
. $HOME/.keychain/$HOSTNAME-sh; git pull
I found this out by looking up examples of how to use keychain with bash scripts.
I have created a configuration on one machine (ubuntu) that works and checks out code from repo, now I try to duplicate the same configuration on another machine.
I have configured ssh to the point when I can issue:
ssh -Tv git#gihub.com
And I get correct response:
Hi <myrepo>! You've successfully authenticated, but GitHub does not provide shell access.
I can see which key is taken for authentication. I also can checkout code from repo manually.
But when Capifony runs checkout code it ends up with:
Error reading response length from authentication socket.
I have already upgraded net-ssh gem to 2.9.1, tried with ssh-add (although I have forwarding set up in /etc/ssh/ssh_config).
It looks like Capfiony does not see ssh authentication configuration that works from command line, how can it be ?