天道酬勤,学无止境

php run git got "ssh Permission denied"

I'm trying to run git pull in a php script from a browser, but I got "sh: connect to host git.assembla.com port 22: Permission denied"

my php script:

<?php
$output=array();
$returnVar=0;
chdir("/var/www/html");
exec('git pull git@git.assembla.com:andrewadel.git master 2>&1', $output , $returnVar);
// exec('pwd', $output , $returnVar);
echo "<pre>\n";
echo "return status: $returnVar\n\n";
print_r($output);
echo "</pre>\n";

when I manually run the script as "apache", everything is fine

bash-4.1$ whoami
apache
bash-4.1$ php gitsync.php
<pre>
return status: 0

Array
(
    [0] => From git.assembla.com:andrewadel
    [1] =>  * branch            master     -> FETCH_HEAD
    [2] => Already up-to-date.
)
</pre>

When I run it from a browser, it fails

http://103.7.164.33/gitsync.php?111

return status: 1

Array
(
    [0] => ssh: connect to host git.assembla.com port 22: Permission denied
    [1] => fatal: The remote end hung up unexpectedly
)

Thanks

标签

评论

A lot of variables here... but I faced pretty much exact same behavior with a remote cgi script I was working on.

In my case the issue was related to SELinux on CentOS.

user@remoteserver:~$ getsebool -a | grep httpd

Showed:

...
httpd_can_network_connect --> off
...

Test Possible Fix(sudo or run as root):

user@remoteserver:~$ setsebool httpd_can_network_connect=1
//...then initiate your serverside script remotely

Permanent Fix(if above has proven effective):

user@remoteserver:~$ setsebool -P httpd_can_network_connect=1

-P option ensures subject SELinux boolean value is set to specified value as default on future reboots. See: man getsebool and man setsebool

Is your webserver and PHP installation enforced by Suhosin, safe-mode, Apparmor or other security mechanisms?

And I recommend trying PHP-Git bindings like php-git if you're doing more operations. That module is designed for working with Git in PHP code.

Apache would run the script as the 'nobody' user. Your script relies on having the private key most likely stored at ~apache/.ssh/id_rsa

The failure is that git can't access that key and isn't able to authenticate itself against the git server.

The solution is to specify the correct key to use and make that key accessible to the user that is executing the script.

Read this for how to specify the key:

Specify private SSH-key to use when executing shell command with or without Ruby?

Take a look here for an approach to running as a different user:

https://serverfault.com/questions/226374/how-to-run-php-files-as-another-user-with-apache-and-fastcgi

I would not recommend running as nobody (since then the nobody user has access to your private key), or as apache (since then you are increasing the damage that could be done should an exploit be found for your site). Therefore you should create a different user with the minimal permissions to read your private key and execute the git command. It may not be necessary to specify the key if you just create a limited user account for this and put the keys (public/private) into ~/.ssh

Is this a permissions issue? A PHP script would be run as the nobody user most likely, which may not have permissions to run the git command.

受限制的 HTML

  • 允许的HTML标签:<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • 自动断行和分段。
  • 网页和电子邮件地址自动转换为链接。

相关推荐
  • ssh Permission denied (publickey) after upgrade Fedora 33
    i have been trying many answers on this Stackoverlow questions same like i am asking now, but still can't resolve my problem, i am trying to clone by ssh but always got Permission denied (publickey) when i run GIT_SSH_COMMAND="ssh -vvv" git clone git@bitbucket.org:myusername/my-api.git debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex
  • git push heroku master 权限被拒绝(公钥)(git push heroku master Permission denied (publickey))
    问题 编辑 #3 在顶部更新它,因为它解决了我的问题,并为我提供了一个我不知道的很好的故障排除步骤(也可以为您节省一些时间) 尝试获取ssh -vvv git@heroku.com的输出。 对我来说,当我的公钥在 /c/Users/NumberOverZero/.ssh 中时,ssh 被挂断了尝试 /c/Program Files (x86)/Emacs/.ssh 中的密钥 删除 Emacs ssh 文件夹(它是空的)解决了我的问题,因为 ssh 会检查我的 Users .ssh 文件夹。 尝试git push heroku master时,我收到Permission denied (publickey) 。 有几件事使这与下面的帖子不同: 我有 ssh 为 github 工作昨晚我能够成功推送到 heroku 自从那次推送以来,我对一个 js 文件进行了单行更改,然后提交并推送。 没有其他变化。 我能找到的最接近的是这篇文章: git clone heroku ssh 权限被拒绝 我已经查看了相关问题(有很多): git push heroku master 权限被拒绝(公钥)。 致命:远端意外挂断 git push heroku master 权限被拒绝 git clone heroku ssh 权限被拒绝 https://stackoverflow.com/questions
  • git push heroku master 权限在 VISTA 上被拒绝(git push heroku master permission denied on VISTA)
    问题 (使用 Vista)我正在尝试从我的 GitHub 存储库克隆一个应用程序并将其推送到 Heroku。 好的,所以我多次尝试使用此创建 SSH 密钥: `ssh-keygen -t rsa` 它似乎完美无缺。 我的 C:/Users/***/.ssh 文件夹中有它。 我现在尝试克隆我在 GitHub 中分叉的应用程序。 当我尝试在 rails_apps 目录中克隆它时,我收到一条消息说 Permission Denied(public key). 我在网上找到了一个解决方案,说我应该先运行它: `ssh-add` 所以我尝试这样做。 但它说: 无法打开与您的身份验证代理的连接。 然后经过一些谷歌搜索,我找到了一些关于执行 ssh-agent 的信息。 所以我这样做: `ssh-agent bash` 命令行从我的 rails_apps 目录更改为: `bash3.1$>` 所以我运行: `bash3.1$>ssh-add [path to .ssh folder]` 并且它成功添加了 rsa 私钥(它不适用于 id-rsa.pub)。 我还将新生成的公钥粘贴到我的 GitHub 帐户中。 现在,当我尝试克隆时: `bash3.1$>git clone git@github.com:username/myrepo.git` 它现在成功克隆了我在 GitHub 中分叉的 repo
  • git push heroku master Permission denied (publickey)
    Edit #3 Updating this at the top because it solved my issue and gave me a good troubleshooting step I didn't know about (and could save you some time, too) Try getting the output of ssh -vvv git@heroku.com. For me, ssh was getting hung up on trying keys in /c/Program Files (x86)/Emacs/.ssh when my public key was in /c/Users/NumberOverZero/.ssh Deleting the Emacs ssh folder (which was empty) fixed my issue since ssh would then check my Users .ssh folder. I'm getting Permission denied (publickey) when trying to git push heroku master. A few things that makes this different from the posts below
  • 使用 Moovweb 时 Windows 上的权限被拒绝(公钥)错误(Permission denied (publickey) errors on Windows when using Moovweb)
    问题 我可以在 Mac 和 Linux 机器上使用我的 SSH 密钥和 Moovweb 凭据进行身份验证、生成、推送等。 但是,在我的 Windows 机器上,使用 Git Bash,我收到 SSH Permission denied (publickey)错误。 错误消息如下: $> moov generate 123dsfsdsf nytimes.com Running environment checks. Verifying that git is installed...OK Checking that current 123dsfsdsf directory doesn't exist...OK Registering project with MoovCloud. Authenticating with MoovCloud. Checking for git access...Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa': Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa': FAILED > Need to upload an ssh key in order to generate a project
  • git clone heroku ssh 权限被拒绝(git clone heroku ssh permission denied)
    问题 我刚买了一台新电脑,我想在上面克隆我的 heroku 项目。 这是我到目前为止所做的。 我没有包含跟踪,但所有内容都保存在正确的位置,并且函数运行没有错误。 >> sudo ssh-keygen >> heroku keys:add >> sudo git clone -o heroku git@heroku.com:myapp.git Initialized empty Git repository in /Users/macuser/Sites/shwagr/shwagr/.git/ Permission denied (publickey). 然后我听说通过 ssh bash 做这件事.. >ssh-agent bash >ssh-add ~/.ssh Permissions 0777 for '/Users/macuser/.ssh' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. 什么? 好的爸爸.. >>sudo chmod 700 ~/.ssh >>ssh-agent bash >>ssh-add ~/.ssh Enter passphrase for /Users
  • Permission denied (publickey) errors on Windows when using Moovweb
    I'm able to authenticate, generate, push etc just fine with my SSH keys and Moovweb credentials on my Mac and Linux machines. However, on my Windows machine, using Git Bash, I get an SSH Permission denied (publickey) error. The error message is below: $> moov generate 123dsfsdsf nytimes.com Running environment checks. Verifying that git is installed...OK Checking that current 123dsfsdsf directory doesn't exist...OK Registering project with MoovCloud. Authenticating with MoovCloud. Checking for git access...Enter passphrase for key '/Users/firstname.lastname/.ssh/id_rsa': Enter passphrase for
  • git clone heroku ssh permission denied
    I just bought a new computer and I am trying to clone my heroku project on it. Here's what I've done so far. I didn't include the trace, but everything was saved in the right place, and the functions ran without errors. >> sudo ssh-keygen >> heroku keys:add >> sudo git clone -o heroku git@heroku.com:myapp.git Initialized empty Git repository in /Users/macuser/Sites/shwagr/shwagr/.git/ Permission denied (publickey). Then I heard about doing it through ssh bash.. >ssh-agent bash >ssh-add ~/.ssh Permissions 0777 for '/Users/macuser/.ssh' are too open. It is recommended that your private key files
  • Github SSH 权限被拒绝部署密钥(Github SSH Permission denied to deploy key)
    问题 我创建了一个新的存储库,能够使用 SSH 进行克隆并提交和一切。 但是当我尝试推送时,出现以下错误: ERROR: Permission to Ronin11/MealPlanr.git denied to deploy key fatal: Could not read from remote repository. Please make sure you have the correct access rights 使用: ssh -T git@github.com 我能够验证我的 ssh 密钥是否正常工作。 我不知道发生了什么。 这只是前几天的工作。 我已经好几个月没有碰过这些设置了。 所有这些都是在 Mac 上使用终端。 帮助! 回答1 对我来说,以下内容始终适用于 GitHub 推送: eval `ssh-agent -s`; ssh-add your_key; git push 回答2 您提到您使用的是 OSX。 如果您使用的是 10.12.2+,则可能是您的 ssh 配置有问题。 Github 的文档对此有说明。 https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/ 具体来说,他们说将以下内容添加到~/.ssh/config Host
  • SSH - Permission denied (cannot authenticate git@github.com) via CMD
    I'm on windows XP. I'm facing weired problem as when I try to connect to git@github.com using bash ssh -v git@github.com i'm able to connect successfully but when i am trying to connect via cmd on same machine I'm getting message permission denied. On debugging I found that in case of bash, ssh is checking id_rsa key but in case of cmd SSH is just checking github_rsa. Not even trying to check id_rsa. Below are the logs. OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Applying options for github.com debug1
  • SSH - 权限被拒绝(无法通过 CMD 验证 git@github.com)(SSH - Permission denied (cannot authenticate git@github.com) via CMD)
    问题 我在 Windows XP 上。 我遇到了一个奇怪的问题,因为当我尝试使用 bash ssh -v git@github.com连接到 git@github.com 时,我能够成功连接,但是当我尝试在同一台机器上通过 cmd 连接时,我获取消息权限被拒绝。 在调试时,我发现在 bash 的情况下, ssh 正在检查 id_rsa 密钥,但在 cmd 的情况下,SSH 只是检查 github_rsa。 甚至没有尝试检查 id_rsa。 以下是日志。 OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Applying options for github.com debug1: Connecting to github.com [204.232.175.90] port 22. debug1: Connection established. debug1: identity file /c/Documents and Settings/username/.ssh/github_rsa type 1 debug1: Remote protocol version
  • Github SSH Permission denied to deploy key
    I created a fresh repo, was able to clone with SSH and commit and everything. But when I try to push I get the following error: ERROR: Permission to Ronin11/MealPlanr.git denied to deploy key fatal: Could not read from remote repository. Please make sure you have the correct access rights Using: ssh -T git@github.com I was able to verify that my ssh key is working. I have no idea what happened. This was just working the other day. I haven't touched these settings in months. All this was using the terminal on Mac. Help!
  • ssh : 权限被拒绝 (publickey,gssapi-with-mic)(ssh : Permission denied (publickey,gssapi-with-mic))
    问题 我用的是centos 5.9。 通过此链接安装 gitlab 后,ssh 不起作用。 在安装 gitlab ssh 之前正常工作。 我正在使用此服务器本地和其他服务,例如安装在服务器上的 elastix 和 apache、mysql。 出现这个错误: OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.88.23 [192.168.88.23] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or
  • pexpect and ssh: how to format a string of commands after su - root -c
    I am trying to iterate through a list of servers & passwords to change the sshd configs on a group of servers so that I can login/run commands via root using passwordless SSH keys. I can do this easily in bash but I'm trying to learn Python and (obviously) would like to forego entering in passwords manually. Here's the bash of what I want to do: scp ~/.ssh/id_rsa.pub /etc/ssh/sshd_config USER@IP:/tmp/ ssh -o StrictHostKeyChecking=no -t USER@IP "su - root -c \"chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/
  • Specifying ssh key in ansible playbook file
    Ansible playbook can specify the key used for ssh connection using --key-file on the command line. ansible-playbook -i hosts playbook.yml --key-file "~/.ssh/mykey.pem" Is it possible to specify the location of this key in playbook file instead of using --key-file on command line? Because I want to write the location of this key into a var.yaml file, which will be read by ansible playbook with vars_files:. The followings are parts of my configuration: vars.yml file key1: ~/.ssh/mykey1.pem key2: ~/.ssh/mykey2.pem playbook.yml file --- - hosts: myHost remote_user: ubuntu key_file: {{ key1 }} #
  • ssh : Permission denied (publickey,gssapi-with-mic)
    i'm use centos 5.9. after installing gitlab by this link ssh not working. before install gitlab ssh correctly working. i'm using this server localy and other services such as elastix and apache,mysql installed on server. appeare this error : OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.88.23 [192.168.88.23] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public
  • 在 ansible playbook 文件中指定 ssh 密钥(Specifying ssh key in ansible playbook file)
    问题 Ansible playbook 可以在命令行中使用--key-file指定用于 ssh 连接的密钥。 ansible-playbook -i hosts playbook.yml --key-file "~/.ssh/mykey.pem" 是否可以在剧本文件中指定此键的位置而不是在命令行上使用--key-file ? 因为我想把这个 key 的位置写到一个var.yaml文件中,这个文件会被vars_files: playbook 用vars_files:读取。 以下是我的配置的一部分: vars.yml 文件 key1: ~/.ssh/mykey1.pem key2: ~/.ssh/mykey2.pem playbook.yml 文件 --- - hosts: myHost remote_user: ubuntu key_file: {{ key1 }} # This is not a valid syntax in ansible. Does there exist this kind of directive which allows me to specify the ssh key used for this connection? vars_files: - vars.yml tasks: - name: Echo a hello message command
  • 在 ambari hadoop 安装期间权限被拒绝(publickey、gssapi-keyex、gssapi-with-mic、password)(Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password) during ambari hadoop installation)
    问题 我正在尝试使用 ambari 部署一个 hadoop 集群,但是当我选择带有 FQDN 的主机名并继续配置时,我收到了 ssh 的权限被拒绝错误。 步骤: 1. 使用 ssh-keygen 作为 root 生成 rsa 密钥。 更改了 .ssh(700) 和 authorized_keys(640) 的权限 cat 公钥到authorized_keys。 并将公钥复制到所有主机(authorized_keys)并更改文件权限,如上。 我可以从 ambari 服务器主机 SSH 无密码到所有其他主机。 但是从 ambari 无法执行以下错误的 hadoop 安装。 SSH command execution finished host=XXX, exitcode=255 Command end time 2015-06-23 10:44:07 ERROR: Bootstrap of host XXX fails because previous action finished with non-zero exit code (255) ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). STDOUT: Permission denied (publickey
  • Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password) during ambari hadoop installation
    I am trying to deploy a hadoop cluster using ambari, but when i select the hostnames with FQDN and proceed to configure I get the permission denied error for ssh. STEPS: 1. generated rsa key using ssh-keygen as root. changed permission for .ssh(700) and authorized_keys(640) cat the public key to authorized_keys. and copied the public key to all the hosts(authorized_keys) and changed the file permission as above. I could ssh passwordless from ambari server host to all the other hosts. But from ambari is failing to do the hadoop installation with below error. SSH command execution finished host
  • ssh: Permission denied (publickey,keyboard-interactive)
    I'm using linux system I created a ssh key on local directory $ ssh-keygen -t rsa -f ~/.ssh/id_rsa and then uploaded the public key to planetLab system then I tried to log in a PlanetLab node using: ssh -v the debug information is as follows: OpenSSH_5.8p2, OpenSSL 1.0.0j-fips 10 May 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to openlab01.pl.sophia.inria.fr [138.96.116.22] port 22. debug1: Connection established. debug1: identity file /user/wgong/home/.ssh/id_rsa type 1 debug1: identity file /user/wgong/home/.ssh/id_rsa-cert