I am trying to use a php script to deploy on my shared linux server to pull the private repository from github.com using the web hook function using ssh for the first time .
essentially: every time I make a github of a web hook, it sends a mail request to my php file, I want to use it to create a simple git pull command, thereby keeping my server and github in sync and I have a decent workflow , which will help me stop editing materials on the production server.
I use the terminal for my ssh connections.
I used ssh to go to my server and create a clone of my private repo, and it worked.
I can therefore ssh login to my server and release git pull , and it works fine. But, of course, I would like to automate this process. If I can get this to work, I would like to do the same for several other repositories.
I followed the github guide when creating keys and adding them to the ssh keys my account on github.com, I see that the keys exist in the / .ssh / folder on my host. private keys have chmod 600, public keys 644. I deleted them, updated new ones and deleted / re-added public keys on github several times.
I have the following keys:
1024 03:c4:16:45:40:77:a4:94:a4:... /home/username/.ssh/id_dsa (DSA) 2048 b3:62:87:e0:4b:39:aa:06:97... /home/username/.ssh/id_github (RSA)
I have a /.ssh/config file with the following (in the hope that github uses the id_github key based on this SO response :
and I updated my .git / config to change the command to git@github _server:username/repo
I copied the keys to authorized_keys using
cat id_github.pub >> authorized_keys
But when I commit, I get an email permissions denied (publickey) (my PHP script sends error messages for success / failure and based on this REPO :
this uses a simple git pull in shell_exec function, I added 2>&1 at the end for debugging.
I changed my command to (trying to add a key for the user)
`ssh-add -l git pull 2>&1`
and got a message
`Could not open a connection to your authentication agent.`
So, I tried to run ssh-agent using
`eval $(ssh-agent) ssh-add ssh-add -l git pull`
it returns the pid agent.
Agent pid 944568 ssh-add: No such file or directory -l: No such file or directory git: No such file or directory pull: No such file or directory
no, i just tried:
`eval $(ssh-agent) ssh-add git pull`
and returns:
Agent pid 949815 git: No such file or directory pull: No such file or directory
and to complete:
`eval $(ssh-agent) ssh-add -l git pull`
and returns:
Agent pid 952014 The agent has no identities.
additionally at some point, try something,
** edit: later it turned out: [^] **
eval $(ssh-agent) ssh-add ~/.ssh/id_github git pull 2>&1
I added something else to my team, which gave me the following:
Agent pid 940365 Enter passphrase for /home/username/.ssh/id_github: ssh-add: No such file or directory -l: No such file or directory git: No such file or directory pull: No such file or directory
which suggests that I need to add a passphrase for the user, and then it will work using keys, but how to do this from the php shell_exec command, if this is not a security problem?
for me it also implies that my keys are not set correctly for this user, but the output below shows that it is.
Additional Information:
running ps aux | grep ssh ps aux | grep ssh shows quite a few ssh agents listed. I do not know if this is a problem.
940006 0.0 0.0 57708 784 ? Ss 23:22 0:00 ssh-agent 940365 0.0 0.0 57708 768 ? Ss 23:24 0:00 ssh-agent 944222 0.0 0.0 57708 784 ? Ss 23:42 0:00 ssh-agent 944568 0.0 0.0 57708 772 ? Ss 23:44 0:00 ssh-agent 944854 0.0 0.0 57708 772 ? Ss 23:45 0:00 ssh-agent 945103 0.0 0.0 57708 772 ? Ss 23:47 0:00 ssh-agent 945188 0.0 0.0 57708 784 ? Ss 23:47 0:00 ssh-agent
the following command is executed based on this ssh SO response
# ssh -i ~/.ssh/id_github -vT git@github.com
I get it ...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /home/username/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to github.com [192.30.252.129] port 22. debug1: Connection established. debug1: identity file /home/username/.ssh/id_github type 1 debug1: identity file /home/username/.ssh/id_github-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian- 5ubuntu1+github5 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1+github5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'github.com' is known and matches the RSA host key. debug1: Found key in /home/username/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct ... debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/username/.ssh/id_github debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com ... debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0 Hi username! You've successfully authenticated, but GitHub does not provide shell access. debug1: channel 0: free: client-session, nchannels 1 Transferred: sent 2440, received 2920 bytes, in 0.2 seconds Bytes per second: sent 12993.2, received 15549.2 debug1: Exit status 1
I trimmed some things that I thought was not relevant, it seems that the keys exist and are being accepted - what is the important bit right?
So what am I missing?
ps I have keys added to github.
thanks
^ edit
the following is eval $(ssh-agent) ssh-add ~/.ssh/id_github : eval $(ssh-agent) ssh-add ~/.ssh/id_github in the returned terminal:
Agent pid 958924 Enter passphrase for /home/username/.ssh/id_github: (i added passphrase) Identity added: /home/username/.ssh/id_github (/home/username/.ssh/id_github)
UPDATE:
I deleted all my keys, ran it again with keygen, using the default id_rsa file name, I left the passphrase empty and it works! Received email and git pull command and deployed test file. Super.
Looking at the github manual for passphrases, I went in and edited my key by adding a passphrase and I will go back to the square. Permission denied (publickey).