Pulling a Bitbucket Repo directly is successful. Fails when done via a pipeline

Question

I'm attempting to deploy from a bitbucket pipeling to a Digital Ocean droplet.

When going via the pipeline this is unsucessful resulting in a permission denied (publickey) error.

However, when attempting to run the exact same file from the shell on the server the git pull is successful.

I can't figure out why this might fail via one method and not the other considering it's the same file that is attempting to pull from bitbucket.

Bitbucket Pipeline Fail

Pull.sh on the Digital Ocean Droplet

# Change to the git directory
printf "${Red}=== Repo Pull ===${Color_Off}\n"
printf "${Red}Changing Directory to 'eg-api'\n"
cd eg-api

#Pull From Repo
printf "${Red}Attempting pull from repo${Color_Off}\n"
git pull origin master
printf "${Red}Repo: Local Copy Updated${Color_Off}\n"

#Change Directory
cd refgator-api

# Starts the application
python3 refgator-api.py

Successful repo Pull when executing directly on the droplet.

=== Repo Pull ===
Changing Directory to 'eg-api'
Attempting pull from repo
From bitbucket.org:[myusername]/[myrepo]
 * branch              master     -> FETCH_HEAD
Already up to date.
Repo: Local Copy Updated

With -vvv enabled

Using GIT_SSH_COMMAND="ssh -vvv" git pull git@bitbucket.org:myusername/myrepo.git instead of git pull origin master in pull.sh

The below is output when attempting the deployment from the Bitbucket Pipeline:

debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzX...
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
fatal: Could not read from remote repository.

And the below is the output provided when running th eexact same file from Digital Ocean.

debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:ebh... agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:ebh... agent
debug3: sign_and_send_pubkey: RSA SHA256:ebh...
debug3: sign_and_send_pubkey: signing using ssh-rsa SHA256:ebh...
debug3: send packet: type 50

so it's obvious that the key is accepted via one method but not the other.

score 0 · Accepted Answer · answered Jun 30 '21 at 13:25

This was addressed by modifying the deploy.sh script held on bitbucket to include the ssh -tt argument.

 default:
       - step:
           script:
-              - cat ./deploy.sh | ssh root@xxx.xxx.xxx.xxx
+              - cat ./deploy.sh | ssh -tt root@xxx.xxx.xxx.xxx
               - echo "Deploy step finished"

Helped out by this answer

Pulling a Bitbucket Repo directly is successful. Fails when done via a pipeline

Bitbucket Pipeline Fail

Pull.sh on the Digital Ocean Droplet

Successful repo Pull when executing directly on the droplet.

With -vvv enabled

1 Answers1