Git ssh authentication

coul · January 20, 2017, 11:51am

My git resource configuration (some lines are ommited)

git("/var/www/small-api") do
  provider Chef::Provider::Git
  action [:sync]
  destination "/var/www/small-api"
  ssh_wrapper "/home/userdeploy/.ssh/ssh_wrapper.sh"
  repository "ssh://userdeploy@example.com/home/repo/small-api.git"
  user "www-data"
  group "www-data"
end

My error

STDERR: fatal: cannot exec '/home/pwfdeploy/.ssh/ssh_wrapper.sh': Permission denied

If I remove wrapper line, cookbook run successful but I have to type password. I changed ssh.wrapper.sh permissions to 777 but it didn’t help. If I write wrapper string in git resource.

 ssh_wrapper "/usr/bin/env ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/userdeploy/.ssh/git_rsa \"$@\""

I get

STDERR: error: cannot run ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/userdeploy/.ssh/git_rsa "$@": No such file or directory

But it’s there. Git is executed with www-data user and git_rsa has userdeploy user. So I added www-data user to userdeploy group and changed permissions to 440 for git_rsa. It still doesn’t work.

Tensibai · January 20, 2017, 3:01pm

SSH keys have to be 0600 and owned by the user running ssh (so the one running git here).

A workaround could be to run the git resource with userdeploy and use notifications to run a execute resource doing a chown www-data:www-data -R /var/www/small-api when it runs.

coul · January 20, 2017, 3:41pm

It works. Thank you.

Topic		Replies	Views
Quick knife ssh question Chef Infra (archive)	0	298	February 21, 2011
Application cookbook/bitbucket problem Chef Infra (archive)	7	712	September 17, 2014
application_php: deploy_revision fails on attempt to use ~apache/.ssh/known_hosts Chef Infra (archive)	4	697	February 8, 2013
Git "nonexistent/.ssh" issue Chef Infra (archive)	3	1145	June 8, 2013
Chef Client 14.2.0 Released! Chef Release Announcements	0	1301	June 7, 2018

Git ssh authentication

Related topics