Home > OS >  NPM add from private repo fails with permission denied when it's from an existing project
NPM add from private repo fails with permission denied when it's from an existing project

Time:11-24

I've been trying to debug this super weird issue. Got a project where I am trying to install a private repository with the npm command.

This does not work when it's in an existing project but does when it's a newly created project that's just been created with npm init.

The existing project is in /app and the new project is in /opt (for testing purposes)

Running npm add git ssh://[email protected]:company/repository.git in /app returns with:

npm ERR! code 128
npm ERR! An unknown git error occurred
npm ERR! command git --no-replace-objects ls-remote ssh://[email protected]/company/repository.git
npm ERR! [email protected]: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2021-11-24T00_25_10_559Z-debug.log

Running the exact same command from the /opt project installs the package correctly without any issues.

I'm running this from an alpine docker box with openssh installed.

This is the Dockerfile

FROM node:16.13-alpine

RUN apk add --no-cache openssh-client git python2

RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts && ln -s /run/secrets/ssh_key ~/.ssh/id_rsa && ln -s /run/secrets/ssh_pub_key ~/.ssh/id_rsa.pub

RUN mkdir /app

WORKDIR /app

A few more informative stuff

/app # node -v
v16.13.0
/app # npm -v
8.1.4
/app # ssh -T [email protected]
Hi AzaZPPL! You've successfully authenticated, but GitHub does not provide shell access.

package.json

{
    "name": "project",
    "version": "1.0.0",
    "private": true,
    "scripts": {
        "dev": "nuxt",
        "build": "nuxt build",
        "start": "nuxt start",
        "generate": "nuxt generate",
        "generate-schema": "node apollo/generate-schema.js",
        "lint": "eslint --ext .js,.vue --ignore-path .eslintignore .",
        "lintfix": "eslint --fix --ext .js,.vue --ignore-path .eslintignore ."
    },
    "dependencies": {
        "@nuxtjs/apollo": "^4.0.1-rc.4",
        "@nuxtjs/auth": "^4.9.1",
        "@nuxtjs/axios": "^5.12.2",
        "@nuxtjs/dayjs": "^1.2.1",
        "@nuxtjs/style-resources": "^1.0.0",
        "apollo-cache-inmemory": "^1.6.6",
        "copy-to-clipboard": "^3.3.1",
        "core-js": "^3.6.5",
        "date-fns": "^2.19.0",
        "dotenv": "^8.2.0",
        "filepond": "^4.27.1",
        "filepond-plugin-file-validate-type": "^1.2.6",
        "filepond-plugin-image-preview": "^4.6.6",
        "graphql-tag": "^2.11.0",
        "js-file-download": "^0.4.12",
        "jwt-decode": "^3.1.2",
        "lodash": "^4.17.20",
        "nuxt": "^2.14.6",
        "nuxt-buefy": "^0.4.10",
        "nuxt-i18n": "^6.15.4",
        "vee-validate": "^3.4.3",
        "vue": "^2.6.12",
        "vue-filepond": "^6.0.3"
    },
    "devDependencies": {
        "@babel/eslint-parser": "^7.16.3",
        "eslint": "^7.12.1",
        "eslint-config-prettier": "^6.15.0",
        "eslint-loader": "^4.0.2",
        "eslint-plugin-prettier": "^3.1.4",
        "eslint-plugin-vue": "^7.1.0",
        "prettier": "^2.1.2",
        "sass": "^1.32.8",
        "sass-loader": "^12.3.0"
    }
}

Any ideas in what is going on here?

CodePudding user response:

Try in your Dockerfile to set

ENV GIT_SSH_COMMAND='ssh -Tv'

That should give you more clues as to why your SSH key is or is not considered during npm add.

CodePudding user response:

With the help of @VonC's answer I was able to figure out what was going on.

Taking a closer look at the logs, I found out that there is actually a user called node which is used when running npm. Inside the Dockerfile of the Alpine image this user was being created and npm is configured to use this user.

So what happened was whenever I logged into the docker container I was logging in as the root user and all the ssh keys which were set in the Dockerfile were being run by the root user.

Running the ssh -T [email protected] worked because the root user was setup correctly but not the node user

What I still can't get my head around is why did running the command in the /opt folder work? Anyway that's a mystery for a different day.

This is my updated Dockerfile. I set the ssh keys to the node user and login as the node user

FROM node:16.13-alpine

RUN apk add --no-cache openssh-client git

RUN mkdir /app && chown node:node /app

USER node

RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

RUN ln -s /run/secrets/ssh_key ~/.ssh/id_rsa

WORKDIR /app
  • Related