
I'm trying to update my private repository via a cron job but nothing seems to be happening. I'm using Satis to create the repository for my private packages.

I can do this manually by logging into my account via SSH and running:

```
php bin/satis build satis.json ./ -n
```

which updates everything fine apart from I have to enter my passphrase a million times. I can get round this by using SSH Agent and think this may be my problem...

```
php /home/accountname/public_html/bin/satis build /home/accountname/public_html/satis.json /home/accountname/public_html/ -n
```

Is there anything I'm missing?

UPDATE

It is the SSH auth as I've received this error via email (shortened version)

```
Reading composer.json of vendor/package (master)
Failed to update git@bitbucket.org:vendor/package.git, package information from this repository may be outdated (Permission denied (publickey). fatal: The remote end hung up unexpectedly error: Could not fetch origin )
```

In the docs it says about using -n to use the SSH Key but I am using it.

Any ideas?

UPDATE

Thought I would add my satis file structure:

```json
{
    "name": "Name Of My Repo",
    "homepage": "http://repodomain.co.uk",
    "repositories": [
        { "type": "vcs", "url": "git@bitbucket.org:vendor/package.git" }
    ],
    "require-all": true
}
```

Really stuck on this one, the documentation is crap!

Luke Snowden

1 Answer


You are right that the SSH authentication is the problem here.

When the cronjob is running, it must access your Bitbucket repository somehow. You chose to use the "git" protocol, which uses SSH. When using SSH, using key-based authentication is way better than using passwords - and when it comes to git repos, it is the only way most of the time depending on the hosting.

Either you put your private key onto that cron server to get access to Bitbucket (might be a bad idea), or you create a new key pair and use that to allow access for your repo (is better, unless you experience some limitations of your bitbucket account, like too many users if that key counts as a user - on the other hand you could limit this key to be only allowed to read, not write).

Make sure that the user that is used to run your cronjob is using these keys, e.g. you should be able to manually start the script without any agent, and it should finish without asking for passwords. The correct place for the private key is ~/.ssh, the public key goes to Bitbucket. After that everything should run perfectly in the cronjob.

The other way could be to use a different protocol (like HTTPS) for the repo access and see what happens.

Sven
  • OK, so do I need to log into my server as root and create the SSH keys? Because I created the cronjob as the account user and logged into the account via SSH as user and created the SSH key which as stated above doesn't work. Thanks for taking the time to answer. – Luke Snowden Oct 09 '13 at 19:32
  • just checked and my SSH keys are located at `/home/accountname/.ssh` – Luke Snowden Oct 09 '13 at 19:35
  • You need to have the keys as the user that is running the cronjob. Is the cronjob running as root? – Sven Oct 09 '13 at 19:43
  • I may sound stupid but I'm new to this stuff. How do I know what the cron job is run by? (I created it via cpanel, logged in as the account holder so would think it would be the user) – Luke Snowden Oct 09 '13 at 19:49
  • I might also add that when I login to the server via SSH and manually do the above I still have to enter the passphrase 5 million times unless using SSH Agent – Luke Snowden Oct 09 '13 at 19:56
  • ...not when running locally (MAMP) though. Might also add my server is Linux – Luke Snowden Oct 09 '13 at 19:58
  • one final note, when generating the keys `ssh-keygen -t rsa -C "your_email@example.com"` I use my bitbucket account email, this correct? – Luke Snowden Oct 09 '13 at 20:01
  • This all suggests you are still not using the keys for SSH access. Login to your linux box as the user. Create a new directory `mkdir test`. `cd test`. `git clone git@bitbucket.org:vendor/package.git` - this should work instantly without passwords. `cd ..`. `rm -r test`. – Sven Oct 09 '13 at 20:01
  • tried the above and still get: `Enter passphrase for key '/home/accountname/.ssh/id_rsa':` – Luke Snowden Oct 09 '13 at 20:03
  • No, the mail address is irrelevant, it is simply a comment to identify it. The public key has to be uploaded to bitbucket and assigned to your account. You should have done this before with your windows machine. – Sven Oct 09 '13 at 20:03
  • You protect the private key with a passphrase? That's good from security, but it will avoid using the key in an automatic script. – Sven Oct 09 '13 at 20:04
  • What I did was `ssh-keygen -t rsa -C "your_email@example.com"`, entered a passphrase and so on. I then go into the account via FTP, open up `./.ssh/id_rsa.pub`, copy the contents and add a new SSH Key in my bitbucket account. – Luke Snowden Oct 09 '13 at 20:07
  • So no passphrase? (ie just press enter when prompted) – Luke Snowden Oct 09 '13 at 20:08
  • Yes. Without passphrase, the cronjob can use the private key directly. It also does not affect security: If someone could read your private key file, he could also read the cronjob with the passphrase. – Sven Oct 09 '13 at 20:09
  • Retried Clone of repo got the following: `The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established. RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'bitbucket.org,131.103.20.167' (RSA) to the list of known hosts. remote: Counting objects: 656, done. remote: Compressing objects: 100% (544/544), done. remote: Total 656 (delta 265), reused 217 (delta 45) Receiving objects: 100% (656/656), 2.50 MiB | 1.08 MiB/s, done. Resolving deltas: 100% (265/265), done.` This ok? – Luke Snowden Oct 09 '13 at 20:17
  • Yes, now that user knows the remote server and SSH will only complain if the fingerprint changes. I expect the cronjob to work now. – Sven Oct 09 '13 at 20:18
  • The satis build ran without asking for authentication, looking good, going to run the cron job now. – Luke Snowden Oct 09 '13 at 20:22
  • Just had an email through, ran with no errors. Can't thank you enough for your time! – Luke Snowden Oct 09 '13 at 20:26
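
The conditions this thread converged on (a private key the cron user can load without a passphrase, and a recorded host key for bitbucket.org) can be checked before the job is scheduled. The script below is an added example, not part of the original question or answer. It assumes a Linux host with OpenSSH and GNU `stat`; the `KEY`, `HOST` and `KNOWN_HOSTS` variables and all function names are illustrative. Because the key has no passphrase, it fits best with the answer's suggestion of a separate key pair limited to read access.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux, OpenSSH and GNU stat.
# KEY, HOST, KNOWN_HOSTS and the function names are illustrative.
KEY="${KEY:-$HOME/.ssh/id_rsa}"
HOST="${HOST:-bitbucket.org}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"

# The private key must exist and be accessible to its owner only.
key_perms_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# cron has no agent and no terminal, so the key must load with an empty
# passphrase: ssh-keygen -y can derive the public key only if it does.
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1
}

# The host key must already be recorded, otherwise ssh stops at the
# "Are you sure you want to continue connecting" prompt.
host_is_known() {
    ssh-keygen -F "$1" -f "$2" >/dev/null 2>&1
}

# Run every check and report each failure; non-zero if any check failed.
preflight() {
    rc=0
    key_perms_ok "$KEY" || { echo "FAIL: $KEY missing or not mode 600/400"; rc=1; }
    key_is_unencrypted "$KEY" || { echo "FAIL: $KEY needs a passphrase"; rc=1; }
    host_is_known "$HOST" "$KNOWN_HOSTS" || { echo "FAIL: $HOST not in $KNOWN_HOSTS"; rc=1; }
    return "$rc"
}

# End-to-end test (needs network): BatchMode makes ssh fail instead of
# prompting, which matches what happens when cron runs the job.
live_test() {
    ssh -o BatchMode=yes -i "$KEY" -T "git@$HOST"
}

if [ "${1:-}" = "--check" ]; then
    preflight && echo "OK: ready for unattended use as $(id -un)"
fi
```

Run it with `--check` while logged in as the same user that owns the cron job, since the key and `known_hosts` are looked up in that user's home directory.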