7

I've set up a PHP script to perform a GitHub pull:

This is contained in my Github folder /home/mysite/public_html/github

github_pull.php

<?php
echo `git pull 2>&1`;
?>

My server does already have the SSH public key, as if I perform git pull from Terminal:

ssh username@host.com
cd public_html/github
git pull

This works successfully (however I do have to enter the password for the rsa key first) Update: password is no longer needed (see comments)

However, when I run github_pull.php I get the following error: Permission denied (publickey). fatal: The remote end hung up unexpectedly

The SSH key is contained at /home/mysite/.ssh/id_rsa

When I run 

<?php echo `whoami`;

It outputs mysite

Tom
  • 1,068
  • 2
  • 25
  • 39
  • Does the user executing the script, usually Apache’s `www_data` have access to the ssh key? Also note that the user is likely looking at a different location for the key. – poke Oct 16 '13 at 23:21
  • (1) is your webserver running as your user, or as `www-data`? (2) is the SSH key readable for the webserver? (3) does the webserver actually look for that key? ( you can always try `export GIT_SSH="your ssh command"`) – Wrikken Oct 16 '13 at 23:21
  • `however I do have to enter the password for the rsa key first` that means none-interactively the key can't be used. I.e. even if the key is usable it won't work. – AD7six Oct 17 '13 at 13:20
  • The user executing the script is `mysite`. .ssh has permissions 0700 and id_rsa.pub has permissions 0640 and id_rsa has permissions 0600. How can I specify the location of the key to the script? – Tom Oct 17 '13 at 13:21
  • @AD7six is there a way around this? – Tom Oct 17 '13 at 13:27
  • 1
    Create a key with no password, add it to your github account and use that. [test it in the same way you would test any ssh problem](https://help.github.com/articles/generating-ssh-keys#step-4-test-everything-out). Note that you don't _need_ ssh access to issue `git pull` (unless it's a private repo) - you can use `https` instead. – AD7six Oct 17 '13 at 13:29
  • @AD7six I've fixed this now by running `eval $(ssh-agent)` and then `ssh-add` - so it no longer requires me to enter my password, however it still gives me the same error when running the PHP script – Tom Oct 17 '13 at 13:30
  • or in other words - you haven't fixed it ;) (you and commands executed via php are not in the same session, that won't work). – AD7six Oct 17 '13 at 13:31
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/39423/discussion-between-tom-and-ad7six) – Tom Oct 17 '13 at 13:34

3 Answers3

3

As commented, try first an https url:

 ssh username@host.com
 cd public_html/github
 git remote set-url origin https://github.com/username/reponame
 git pull

This is far easier than tinkering with ssh keys, especially when they are passphrase protected.

If you must use ssh keys, then you must know the default location of the key is:

~/.ssh/id_rsa(.pub)

If the user executing the script is 'mysite', then it will look for ~mysite/.ssh/id_rsa.
And you need to make sure the ssh-agent is running as mysite user. Which is why it is easier at first to try it with a private key not passphrase-protected.

If your ssh key were to be somewhere else, then you would need a:

~mysite/.ssh/config

In that config file, as illustrated here, you can specify the location and name of the key you want to use.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Your first solution works fine when running in terminal (after entering username and password). However the PHP script I get this error: `fatal: could not read Username for 'https://github.com': No such device or address`. How can I tell the script the username and password? – Tom Oct 19 '13 at 20:02
  • @Tom for pulling, you don't need credential. You don't need a username and a password (unless it is a private repo. Is it a private repo?). Otherwise, you would store said credentials in a `~/.netrc` file: http://stackoverflow.com/a/11022181/6309 – VonC Oct 19 '13 at 20:27
  • It's a private repo. I've created .netrc (/home/mysite/.netrc) and put the following contents in it: `machine mysite.com login password `. Still using the same PHP as above, I'm still getting the fatal: could not read Username error. Also tried "github.com" instead. Any suggestions? Thanks – Tom Oct 19 '13 at 21:29
  • 1
    @Tom `machine: mysite.com`? No: it should be `machine: github.com` :) Those are the *github* credentials, for git pull to access your private repo. – VonC Oct 19 '13 at 21:36
  • @Tom then try with an OAuth (http://blogdown.io/c4d42f87-80dd-45d5-8927-4299cbdf261c/posts/574baa68-f663-4dcf-88b9-9d41310baf2f): that works with private repos. – VonC Oct 19 '13 at 21:41
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/39574/discussion-between-tom-and-vonc) – Tom Oct 19 '13 at 21:48
2

You should first try to debug using the actual 'mysite' account.

sudo -u mysite
cd ~/public_html/github
git pull

From the error log, it seems to be a remote problem, not local. Meaning SSH can actually access your private key.

I suspect github is receiving your own personal private key (via ssh-agent) and not 'mysite' public key. You can validate this by running ssh-add -l within your php code, or with sudo -u mysite; ssh-add -l and comparing with what's registered in github interface.

Github has covered this problem extensively: https://help.github.com/articles/error-permission-denied-publickey

jako
  • 21
  • 4
2

Add the following to your .ssh/config

Host github_server
  HostName github.com
  User git
  IdentityFile /path/to/your/private_key

Edit your .git/config and update the remote repo URL from

url = git@github.com:git_repo_name.git

to

url = git@github_server:git_repo_name.git

That should help you login to the server using the given key. Replace the path to the key in the above to the full actual path on your machine. Replace the repo name with the actual repo name. Do note that the user 'mysite' has access to the key file. You can test that using fopen from PHP and confirm.

anoopjohn
  • 518
  • 4
  • 18