Git ssh authentication

My git resource configuration (some lines are omitted)

git("/var/www/small-api") do
  provider Chef::Provider::Git
  action [:sync]
  destination "/var/www/small-api"
  ssh_wrapper "/home/userdeploy/.ssh/ssh_wrapper.sh"
  repository "ssh://userdeploy@example.com/home/repo/small-api.git"
  user "www-data"
  group "www-data"
end

My error

STDERR: fatal: cannot exec '/home/pwfdeploy/.ssh/ssh_wrapper.sh': Permission denied 

If I remove the wrapper line, the cookbook run is successful but I have to type the password. I changed the ssh_wrapper.sh permissions to 777 but it didn’t help. If I write the wrapper string in the git resource:

 ssh_wrapper "/usr/bin/env ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/userdeploy/.ssh/git_rsa \"$@\"" 

I get

STDERR: error: cannot run ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/userdeploy/.ssh/git_rsa "$@": No such file or directory

But it’s there. Git is executed as the www-data user and git_rsa is owned by the userdeploy user. So I added the www-data user to the userdeploy group and changed the permissions of git_rsa to 440. It still doesn’t work.

SSH keys have to be 0600 and owned by the user running ssh (so the one running git here).

A workaround could be to run the git resource with userdeploy and use notifications to run an execute resource doing a chown www-data:www-data -R /var/www/small-api when it runs.


It works. Thank you.
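
A preflight check for the two failures in this thread, as an added example that is not part of the original posts: it reports why a given uid cannot exec the wrapper (including a parent directory without the search bit, which blocks access even to a 0777 script) and whether a key meets the answer's "0600 and owned by the user running ssh" rule. The function names, the temporary layout and the stand-in uid are assumptions made for the illustration; whether the directory permissions were the cause in the question above is not confirmed by the thread.

```ruby
require "pathname"
require "tmpdir"

# True if `uid` (supplementary groups `gids`) holds `bit` (4 read, 1 execute/search)
# on stat `st`. One class is consulted: owner, else group, else other. Root is not special-cased.
def allowed?(st, uid, gids, bit)
  shift = if st.uid == uid then 6 elsif gids.include?(st.gid) then 3 else 0 end
  (st.mode >> shift) & bit != 0
end

# Reasons `uid` cannot exec the wrapper: a parent directory without the
# search bit blocks access even when the script itself is mode 0777.
def wrapper_problems(path, uid, gids)
  full = Pathname.new(path).expand_path
  blocked = full.dirname.ascend.reject { |d| allowed?(d.stat, uid, gids, 1) }
  problems = blocked.map { |d| "#{d}: uid #{uid} cannot traverse" }
  ok = [4, 1].all? { |bit| allowed?(full.stat, uid, gids, bit) }
  problems << "#{full}: uid #{uid} lacks read+execute" unless ok
  problems
end

# Reasons ssh run as `uid` would refuse the key, per the answer's rule:
# mode 0600 and owned by the user running ssh.
def key_problems(path, uid)
  st = File.stat(path)
  mode = st.mode & 0o7777
  problems = []
  problems << "owner is uid #{st.uid}, not #{uid}" unless st.uid == uid
  problems << format("mode is %04o, not 0600", mode) unless mode == 0o600
  problems
end

# Constructed layout mirroring the question: the current user stands in for
# userdeploy, `other_uid` (hypothetical, no shared groups) for www-data.
def demo(other_uid = Process.euid + 1)
  Dir.mktmpdir do |home|
    ssh_dir = File.join(home, ".ssh")
    Dir.mkdir(ssh_dir)
    wrapper = File.join(ssh_dir, "ssh_wrapper.sh")
    key = File.join(ssh_dir, "git_rsa")
    File.write(wrapper, "#!/bin/sh\nexec ssh -i #{key} \"$@\"\n")
    File.write(key, "constructed placeholder, not a real key\n")
    File.chmod(0o700, ssh_dir); File.chmod(0o777, wrapper); File.chmod(0o440, key)
    { wrapper_other: wrapper_problems(wrapper, other_uid, []),
      key_other: key_problems(key, other_uid),
      key_440_owner: key_problems(key, Process.euid),
      key_600_owner: (File.chmod(0o600, key); key_problems(key, Process.euid)) }
  end
end
puts demo.inspect if $PROGRAM_NAME == __FILE__
```

On a real node, call `wrapper_problems` and `key_problems` with the uid and group ids of the account named in the git resource's `user` property before the resource runs.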