Ansible git clone 'Permission Denied' 但直接 git clone 工作 [英] Ansible git clone 'Permission Denied' but direct git clone working

问题描述

我在 Ansible 上遇到了一个令人不安的问题.我使用当前主机的 ssh 密钥在我的环境中设置了 git 克隆:

I got a troubling issue with Ansible. I setup a git cloning on my environment using ssh key of my current host:

- name: Add user Public Key
    copy: 
     src: "/Users/alexgrs/.ssh/id_rsa.pub"
     dest: "/home/vagrant/.ssh/id_rsa.pub"
     mode: 0644

- name: Add user Private Key
    copy: 
     src: "/Users/alexgrs/.ssh/id_rsa"
     dest: "/home/vagrant/.ssh/id_rsa"
     mode: 0600

- name: Clone Repository
  git: 
   repo: repo.git
   dest: /home/vagrant/workspace/
   update: true
   accept_hostkey: true
   key_file: "/home/vagrant/.ssh/id_rsa.pub"

如果我在 Vagrant 上 vagrant ssh 并执行 git pull repo 它可以工作.但是，当我执行 vagrant provision 时，我收到以下错误消息:

If I vagrant ssh on Vagrant and execute git pull repoit works. But when I do a vagrant provision I got the following error message:

stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

我很确定我的公钥没有被 vangrant 条款使用，但我无法检测到原因.

I'm pretty sure my publickey is not used by vangrant provision but I'm not able to detect why.

您是否已经看到此类问题?

Did you already see this kind of issue ?

谢谢.

似乎 ansible 不是在做 git clone 而是在尝试以下命令:

It seems that ansible is not doing a git clone but is trying the following command:

/usr/bin/git ls-remote ssh://repo.git -h refs/heads/HEAD

我在我的 vagrant 盒子里试过了，我遇到了同样的权限被拒绝问题.

I tried it in my vagrant box and I have the same permission denied issue.

推荐答案

复制私钥恕我直言从来都不是一个好主意.更好的选择是启用 ssh 代理转发.

Copying private keys IMHO never is a good idea. A better option would be to enable ssh agent forwarding.

您可以在本地 .ssh/config 中全局执行此操作:

You can do this globally in your local .ssh/config:

ForwardAgent yes

或者在你的 ansible.cfg 中:

[ssh_connection]
ssh_args= -A

无论如何，您需要确保主机/虚拟机接受代理转发.在远程 /etc/ssh/sshd_config 中，必须定义:

In any case though you need to make sure the host/vm accepts agent forwarding. In the remote /etc/ssh/sshd_config this has to be defined:

AllowAgentForwarding yes

这篇关于Ansible git clone 'Permission Denied' 但直接 git clone 工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！