I have built a php script that performs a git fetch on a specific folder:
the exact command is :
usr/bin/git --git-dir=/home/bathan/www/sync_test/repo3//.git --work-tree=/home/bathan/www/sync_test/repo3/ fetch
Of course, if I run this on the command line it works perfectly.
Now, when I run this using shell_exec I get the following error:
Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-with-mic,password). fatal: The remote end hung up unexpectedly
Looking into the server its trying to connect, the exact error is :
Apr 8 10:52:17 myserver sshd[26230]: Failed password for git from 192.15.136.253 port 32878 ssh2
So, Ok. I guess that this shell_exec is not able to read the ~/.ssh/id_rsa key I have set up. So I give 777 permission to that file and i get this error.
@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@ Permissions 0777 for '/home/bathan/.ssh/id_rsa' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /home/bathan/.ssh/id_rsa Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-with-mic,password). fatal: The remote end hung up unexpectedly
So I guess that git IS able to read the key file. If I put it back to the correct permissions I go back again to the first error.
Note : my apache server is set to run with my same user (bathan) and this is an ubuntu box.
This is the ssh -v Response
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /home/bathan/.ssh/config
debug1: Applying options for gitserver
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to git.myserver.com [77.171.171.229] port 22.
debug1: Connection established.
debug1: identity file /home/bathan/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1023
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1023
debug1: identity file /home/bathan/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host开发者_StackOverflow社区 'git.myserver.com' is known and matches the RSA host key.
debug1: Found key in /home/bathan/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
..
..
Any Ideas?
Are you sure the PHP script is executed with the same user you setup ~/.ssh/id_rsa
with?
E.g. in lots of environments the webserver (e.g. Apache) is run by www-data
. And I'm only guessing that www-data
is not the user in whose $HOME/.ssh/
the id_rsa
is located.
Try to hardcode the location of the ssh-key in your .ssh/config
:
Host gitserver
Hostname fqdn.example.org
IdentityFile /home/THE-USER/.ssh/id_rsa
If this doesn't help, debug like so:
From PHP:
<?php
shell_exec("ssh -v gitserver");
See which keys are used in this case to get an idea why it may not work.
I found the problem.
The rsa_id was using a paraphrase and OBVIOUSLY it was not typed in by the script.
I removed the paraphrase with : ssh-keygen -p and it worked like a charm.
Thanks to everyone for their help!!
精彩评论