I have a situation where for size limitations, I can't host the bare repository on the same server as a particular website. So I've setup a bare repository on server A which I want to push the master branch too when happy that the update is good. In the hooks/post-update it s开发者_Go百科hould ssh to the live server and pull the master branch.
I've generated a public ssh key on the live server, authorized it and copied the public key into /var/www/.ssh/authorized_keys file on the bare repo server. Bascially done everything on this site here
But it's failing when attempting to authenticate to the live server.
The post-update looks like this :
ssh liveuser@liveserver.com
cd cd/path/to/site/.git || exit
git pull bare master
exit
I get this message
$ git push server master
userForBare@www.ServerAAddress.com's password:
Counting objects: 5, done.
Delta compression using up to 3 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 279 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
remote:
remote: *** Pulling changes into Live [Live's post-update hook] ***
remote:
remote: Permission denied, please try again.
remote: Permission denied, please try again.
remote: Permission denied (publickey,gssapi-with-mic,password).
remote: fatal: The remote end hung up unexpectedly
To ssh://userForBare@www.ServerAAddress.com/var/git/websiteToUpdate.git
b251909..883d129 master -> master
You seem to run git pull
on live
, which means the live
will ssh back into www.ServerAAddress.com
. So there are 2 sshs that need to use passphrase-less public key for authentication and one of them is not correctly authorized:
- ssh from "A" ("bare") to "live" needs private key (
.ssh/id*
) stored on "A" and public key (in.ssh/authorized_keys
) on "live". - ssh from "live" back to "A" (inside the
git pull
) needs private key stored on "live" and public key on "A". The keys should be different.
The locations on the servers are probably different. The files on "A" need to be in userForBare
's home, while files on "live" need to be in home of www
user.
Look in the logs (ssh usually logs into /var/log/auth
or /var/log/security
) and check that it's actually finding the public keys it's supposed to and that it's willing to read it:
- Many setups will not have
/var/www
as$HOME
of thewww
user, so you may need to place the.ssh/authorized_keys
elsewhere. - ssh refuses to read anything
$HOME/.ssh/
if the file or any directory up to root is writable by anybody except that user or root, so if e.g./var/www
is group-writable, ssh will reject/var/www/.ssh/authorized_keys
as possibly compromised.
精彩评论