Home > database >  Ansible git clone github permission denied (publickey)
Ansible git clone github permission denied (publickey)

Time:09-17

I've been working on this for ~2 hours now, and I'm completely at a loss. I know this question has been asked and answered before, but I'm totally stumped.

I'm trying to clone a github repo onto a virtual machine via ansible.

When I do I get the following error:

Warning: Identity file /home/REMOTE_USER/.ssh/id_ed25519 not accessible: No such file or directory
[email protected]: Permission denied (publickey)
fatal: Could not read from remote repository
Please make sure you have the correct access rights and the repository exists.

Here is the ansible playbook handling the github cloning:


- name: Create SSH Key
  hosts: vm
  remote_user: REMOTE_USER

  vars:
    local_keyfile: /home/LOCAL_USER/.ssh/id_ed25519
    public_key: "{{ lookup('file', '/home/LOCAL_USER/.ssh/id_ed25519.pub') }}"
    remote_keyfile: /home/REMOTE_USER/.ssh/id_ed25519
    repository: "[email protected]:GITHUB_USERNAME/GITHUB_REPO.git"

  tasks:

  - name: Add public key to authorized keys
    lineinfile:
      path: /home/REMOTE_USER/.ssh/authorized_keys
      line: "{{ public_key }}"

  - name: Copy SSH Key
    copy:
      src: "{{ local_keyfile }}"
      dest: "{{ remote_keyfile }}"
      owner: REMOTE_USER
      group: REMOTE_USER
      mode: 0600

  - name: Configure SSH to use ansible key for github.com
    template:
      src: templates/ssh_config.j2
      dest: /home/REMOTE_USER/.ssh/config
      owner: REMOTE_USER
      group: REMOTE_USER
      mode: 0644

  - name: Clone repo
    git:
      dest: /home/REMOTE_USER/PATH_TO_REPO
      repo: "{{ repository }}"
      key_file: " {{ remote_keyfile }}"
      clone: yes
      update: yes

Steps I've taken to try to fix the issue:

  1. Added the public key to authorized_keys on the remote host
  2. Added
Host github.com
   IdentityFile PATH_TO_PRIVATE_KEY
   IdentitiesOnly yes

to the .ssh/config file on the remote host.

  1. Created an ansible.cfg file that has:
[defaults]
transport = ssh
sudo_flags = -HE

[ssh_connection]
ssh_args = -o ForwardAgent=yes
  1. Ran the playbook as root & REMOTE_USER
  2. Removed the Copy SSH Key task

I've messed around with all these settings, and no mix of them works. If I manually SSH into the VM I can run git clone [email protected]:GITHUB_USER/REPO and it works fine (but prompts me for the passphrase for my SSH key)

REMOTE_USER has permissions for the private key, the directory the repo is being cloned into, authorized_keys, the public key, & the config file.

Everything I've tried that I've read from stackoverflow, other stackexchange sites, and the general internet hasn't worked so far.

I would appreciate any guidance as to how I can fix this issue that doesn't involve using HTTPS for the git clone.

CodePudding user response:

I was able to reproduce your issue locally, and I found the problem is the leading whitespace in the string

      key_file: " {{ remote_keyfile }}"

If you remove the space after the first quote, it should work.

I should note I tested locally without a passphrase on the key. I'd imagine the passphrase might be an issue for the git module.

  • Related