1

I am trying to clone a repo using git on an EC2 server. My goal is to get a repo onto it, and for that I am planning to execute a shell script as user data. Please suggest how I can authenticate to GitHub on the fly.

I tried installing git and then cloning it using git clone.

D Malan
Jarvis

1 Answer

1

GitHub has the concept of Deploy Keys which would be a good solution for you:

  • read only access
  • scoped to a repo, not your entire account / org
  • distinct from your personal access to protect your GitHub account
  1. Generate an SSH key
  2. Put the private key somewhere accessible by the application. You have a few different options here - AWS service storage (Secrets Manager or maybe S3) which will require you to give your EC2 instances an IAM Instance Profile so they can authenticate to AWS, which is a great solution but a little complicated the first time to handle AWS auth. Or you could build an AMI with the key already added. You could even hard code the ssh key in the user-data if that is acceptable to you - user data is often
  3. In user-data, grab the key (if it's not already in the AMI) and put it in a location you can specify for the git clone (or put it in `~/.ssh/id_rsa` and it will be used automatically)
  4. You'll also need to populate `~/.ssh/known_hosts` with the host keys of GitHub
  5. When you clone the repo, use the ssh protocol url style
erik258
  • Thank you so much @erik258. Your response really helped. I was able to create ssh-keygen and add the public key into the Git repo, and I tested manually to clone using ssh. It worked! However, when I add git clone repo in user-data, I don't see the repo after the EC2 launch using the AMI created previously. Please shed some light on how to achieve this step by step. Thank you :) – Jarvis Feb 07 '23 at 12:29
  • your user-data script probably had an issue. Check the logs – erik258 Feb 07 '23 at 19:02
  • Dear erik258 Please help me with this :) any insights would be greatly appreciated, I added ssh-key keygen private key to the repo @fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. – Jarvis Feb 21 '23 at 13:38
  • Most likely the key is not being found. Are you sure you put public it in `~/.ssh/id_rsa`? `~/` means the current user's home directory - you have to put the key in the directory of the user running the clone in the user-data, which is probably not the same as the user you logged in with. Since [`git clone` accepts env variable to set the ssh command to `ssh -v`](https://askubuntu.com/questions/336907/really-verbose-way-to-test-git-connection-over-ssh) I suggest you set `GIT_SSH_COMMAND` when you run `git clone` like this: `GIT_SSH_COMMAND="ssh -v" git clone ....` – erik258 Feb 22 '23 at 03:33
  • "i dont see the repo after the Ec2 launch using the AMI created previousl" Okay, sorry, missed this. If every instance boots and creates its own key, they won't be registered in GitHub. You need to generate the key once and reuse the key for future boots. Put it in Secrets Manager maybe ($0.40 / mo / secret). – erik258 Feb 22 '23 at 03:35
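
The answer's steps 2 to 5 together with the points raised in the comments (one key reused on every boot, stored under the home of the user that runs user-data), as an added example that is not part of the original answer or comments. It assumes the deploy key's private half is already stored as a Secrets Manager secret, the instance profile allows `secretsmanager:GetSecretValue` on it, and `git` and the AWS CLI are installed; the secret name, region, repo URL, destination and host key line are placeholders.

```bash
#!/bin/bash
# Added example (not from the original thread). SECRET_ID, AWS_REGION, REPO_SSH_URL,
# DEST and GITHUB_HOST_KEY_LINE are assumed placeholder names and values.
set -eu

SECRET_ID="${SECRET_ID:-example/github-deploy-key}"
AWS_REGION="${AWS_REGION:-us-east-1}"
REPO_SSH_URL="${REPO_SSH_URL:-git@github.com:OWNER/REPO.git}"
DEST="${DEST:-/opt/app}"
# Copy this line from GitHub's published SSH host keys instead of trusting
# whatever ssh-keyscan returns on first boot.
GITHUB_HOST_KEY_LINE="${GITHUB_HOST_KEY_LINE:-github.com ssh-ed25519 REPLACE_WITH_PUBLISHED_KEY}"

# Step 3: write the private key from stdin to <dir>/deploy_key, owner-only.
install_deploy_key() {
  ( umask 077; mkdir -p "$1"; cat > "$1/deploy_key" )
  chmod 700 "$1"
  chmod 600 "$1/deploy_key"
  printf '%s\n' "$1/deploy_key"
}

# Step 4: pin the host key line in <dir>/known_hosts, without duplicates.
pin_host_key() {
  touch "$1/known_hosts"
  grep -qxF -- "$2" "$1/known_hosts" || printf '%s\n' "$2" >> "$1/known_hosts"
  printf '%s\n' "$1/known_hosts"
}

# ssh command for git: offer only this key, accept only pinned host keys.
git_ssh_command() {
  printf 'ssh -i %s -o IdentitiesOnly=yes -o UserKnownHostsFile=%s -o StrictHostKeyChecking=yes' "$1" "$2"
}

bootstrap() {
  ssh_dir=/root/.ssh   # user-data runs as root, not as the login user
  # Step 2: the same key on every boot, fetched with the instance profile.
  secret=$(aws secretsmanager get-secret-value --region "$AWS_REGION" \
    --secret-id "$SECRET_ID" --query SecretString --output text)
  key=$(printf '%s\n' "$secret" | install_deploy_key "$ssh_dir")
  hosts=$(pin_host_key "$ssh_dir" "$GITHUB_HOST_KEY_LINE")
  # Step 5: clone over SSH with the deploy key.
  GIT_SSH_COMMAND="$(git_ssh_command "$key" "$hosts")" git clone "$REPO_SSH_URL" "$DEST"
}

# Set RUN_BOOTSTRAP=1 in the real user-data; left off here so the helpers
# can be sourced and checked offline.
if [ "${RUN_BOOTSTRAP:-0}" = 1 ]; then bootstrap; fi
```

If the clone still fails, cloud-init writes the script's output to `/var/log/cloud-init-output.log`, and adding `-v` to the ssh command shows which key was offered.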