git pull after ssh in Bash Script

Time:06-20

For context, I am trying to create a deploy script on my local machine (A) to deploy my code to a remote server (B). I don't have root access on B.

Here are the contents of my bash script pertaining to this:

ssh $SSH_ENDPOINT /bin/bash << EOF
cd ~/$PROJECT
git pull
EOF

I can ssh in successfully, then cd into the directory. However, git pull fails with:

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

On both A and B, I have set up SSH with GitHub and it works fine, I can push and pull without having to enter any passphrase or anything of the sort.

I'm not completely sure why this error is being thrown as both public keys should work.

EDIT: Doing -vv with ssh gives:

debug2: channel 0: rcvd ext data 32
Permission denied (publickey).
debug2: channel 0: written 32 to efd 6
debug2: channel 0: rcvd ext data 126
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Not quite sure how to proceed from here.

CodePudding user response:

I can ssh in successfully, then cd into the directory

But with which user?
If you ssh in and try the failed git pull, try it after running (in your interactive SSH testing session):

export GIT_SSH_COMMAND='ssh -Tv'

That way, you will see which user/keys are considered for any Git operation involving SSH.

CodePudding user response:

Based on your comments under VonC's answer, the issue occurs once you're running commands on machine $SSH_ENDPOINT. The Git command run there, which uses the ssh program installed there, needs to read a passphrase to decrypt the keys on machine $SSH_ENDPOINT.

There are two methods to handle that issue:

  • don't use a passphrase-encrypted key; or
  • do use an ssh agent, and have the agent do a pass-through (see -A agent forwarding in the ssh manual).

In the latter case, you don't need to store the private key on machine $SSH_ENDPOINT at all. Just create the .ssh directory with the proper public key, if you need to select a particular public key with Identity and/or IdentitiesOnly lines. (If there's only one key to use you may not need any of this, but in the setups I've used in the past, I always had multiple public keys and needed ssh to select the right one from them.)

Note that the agent will be running on your local machine ("machine A" in your question). There will be a pass-through running on machine B that obtains the private key from machine A on demand. If the key on machine A needs a passphrase, you may have to supply it at that time.
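The agent-forwarding approach from the answer above, sketched as a deploy script. This is an added example, not code from the question or from either answer; the function names (agent_state, valid_project, remote_script, deploy) and the SSH_ADD override variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: deploy from machine A to machine B through a forwarded agent.
# All function names and the SSH_ADD variable are hypothetical.

SSH_ADD=${SSH_ADD:-ssh-add}   # overridable so the preflight can be exercised offline

# Classify the local agent from ssh-add's exit status:
# 0 = identities listed, 1 = agent holds no identities, 2 = agent unreachable.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# The project name ends up on the remote command line, so accept only a
# plain directory name (no slashes, spaces or shell metacharacters).
valid_project() {
    case $1 in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Script executed on B. The quoted heredoc keeps $HOME and $1 from expanding on A.
remote_script() {
    cat <<'EOF'
set -eu
# Fails here if B's sshd refuses forwarding or no key reached the agent.
ssh-add -l >/dev/null || { echo "no forwarded agent on remote" >&2; exit 1; }
cd -- "$HOME/$1"
git pull
EOF
}

deploy() {   # usage: deploy user@host project
    valid_project "$2" || { echo "bad project name: $2" >&2; return 2; }
    state=$(agent_state)
    [ "$state" = ready ] || { echo "local agent is $state; load a key with ssh-add" >&2; return 3; }
    # -A forwards the agent for this one connection only; the private key stays on A.
    remote_script | ssh -A "$1" bash -s -- "$2"
}

if [ "$#" -eq 2 ]; then deploy "$1" "$2"; fi
```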
