Ansible with Github:权限被拒绝(Publickey) [英] Ansible with Github: Permission denied (Publickey)
问题描述
我正在尝试使用 Ansible 了解 GitHub ssh 配置(我正在编写 Ansible:Up & Running 一书).我遇到了两个问题.
I'm trying to understand the GitHub ssh configuration with Ansible (I'm working on the Ansible: Up & Running book). I'm running into two issues.
权限被拒绝(公钥) -当我第一次运行 ansible-playbook mezzanine.yml 剧本时,我的权限被拒绝:
Permission denied (publickey) -
When I first ran the ansible-playbook mezzanine.yml playbook, I got a permission denied:
failed: [web] => {"cmd": "/usr/bin/git ls-remote '' -h refs/heads/HEAD", "failed": true, "rc": 128}
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
msg: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
FATAL: all hosts have already failed -- aborting
好吧,很公平,我看到有几个人遇到了这个问题.所以我跳到了关于使用 SSH 运行 Git 的附录 A,它说要运行 ssh-agent 并添加 id_rsa 公钥:
Ok, fair enough, I see several people have had this problem. So I jumped to appendix A on running Git with SSH and it said to run the ssh-agent and add the id_rsa public key:
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
输出:身份添加我运行ssh-agent -l检查并得到长字符串:2048 e3:fb:... 但我得到了相同的输出.因此,我检查了有关 ssh 密钥生成和故障排除的 Github 文档,其中建议更新主机上的 ssh 配置文件:
Output: Identity AddedI ran ssh-agent -l to check and got the long string: 2048 e3:fb:... But I got the same output. So I checked the Github docs on ssh key generations and troubleshooting which recommended updating the ssh config file on my host machine:
Host github.com
User git
Port 22
Hostname github.com
IdentityFile ~/.ssh/id_rsa
TCPKeepAlive yes
IdentitiesOnly yes
但这仍然提供相同的错误.所以在这一点上,我开始认为这是我的 rsa 文件,这导致了我的第二个问题.
But this still provides the same error. So at this point, I start thinking it's my rsa file, which leads me to my second problem.
密钥生成问题 - 我试图生成一个额外的证书来使用,因为 Github 测试抛出了另一个权限被拒绝(公钥)"错误.
Key Generation Issues - I tried to generate an additional cert to use, because the Github test threw another "Permission denied (publickey)" error.
Warning: Permanently added the RSA host key for IP address '192.30.252.131' to the list of known hosts.
Permission denied (publickey).
我从头开始遵循 Github 说明并生成了一个具有不同名称的新密钥.
I followed the Github instructions from scratch and generated a new key with a different name.
ssh-keygen -t rsa -b 4096 -C "me@example.com"
我没有输入密码并将其保存到名为 git_rsa.pub 的 .ssh 文件夹中.我运行了相同的测试并得到以下结果:
I didn't enter a passphrase and saved it to the .ssh folder with the name git_rsa.pub. I ran the same test and got the following:
$ ssh -i ~/.ssh/git_rsa.pub -T git@github.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/antonioalaniz1/.ssh/git_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: ~/.ssh/github_rsa.pub
Permission denied (publickey).
我检查了权限并对文件执行了chmod 700,但我仍然得到Permission denied (publickey).我什至试图将密钥输入我的 Github 帐户,但首先收到一条消息,密钥文件需要以 ssh-rsa 开头.所以我开始研究和黑客.从在文件中输入长字符串开始(它以--BEGIN PRIVATE KEY--开头,但我在失败后省略了该部分);然而,Github 不接受它,说它是无效的.
I checked on the permissions and did a chmod 700 on the file and I still get Permission denied (publickey). I even attempted to enter the key into my Github account, but first got a message that the key file needs to start with ssh-rsa. So I started researching and hacking. Started with just entering the long string in the file (it started with --BEGIN PRIVATE KEY--, but I omitted that part after it failed); however, Github's not accepting it, saying it's invalid.
这是我在 YAML 文件中的 Ansible 命令:
This is my Ansible command in the YAML file:
- name: check out the repository on the host
git: repo={{ repo_url }} dest={{ proj_path }} accept_hostkey=yes
vars:
repo_url: git@github.com:lorin/mezzanine-example.git
这是我配置了 ForwardAgent 的 ansible.cfg 文件:
This is my ansible.cfg file with ForwardAgent configured:
[defaults]
hostfile = hosts
remote_user = vagrant
private_key_file = .vagrant/machines/default/virtualbox/private_key
host_key_checking = False
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
盒子是一个使用 Mac OS 的 Ubuntu Trusty64.如果有人能告诉我文件权限和/或 Github 密钥生成,我将不胜感激.
The box is an Ubuntu Trusty64 using Mac OS. If anyone could clue me into the file permissions and/or Github key generation, I would appreciate it.
推荐答案
我怀疑密钥权限问题是因为您将公钥而不是私钥作为参数传递给ssh -i".试试这个:
I suspect the key permissions issue is because you are passing the public key instead of the private key as the arugment to "ssh -i". Try this instead:
ssh -i ~/.ssh/git_rsa -T git@github.com
(注意它是 git_rsa 而不是 git_rsa.pub).
(Note that it's git_rsa and not git_rsa.pub).
如果可行,请确保它在您的 ssh-agent 中.添加:
If that works, then make sure it's in your ssh-agent. To add:
ssh-add ~/.ssh/git_rsa
验证:
ssh-add -l
然后通过执行以下操作检查 Ansible 是否尊重代理转发:
Then check that Ansible respects agent forwarding by doing:
ansible web -a "ssh-add -l"
最后,通过执行以下操作检查您是否可以通过 ssh 访问 GitHub:
Finally, check that you can reach GitHub via ssh by doing:
ansible web -a "ssh -T git@github.com"
您应该会看到如下内容:
You should see something like:
web | FAILED | rc=1 >>
Hi lorin! You've successfully authenticated, but GitHub does not provide shell access.
这篇关于Ansible with Github:权限被拒绝(Publickey)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
