
I have a git repository in a hosted instance of Atlassian Stash. I then have three machines: olympus, zeus and hera, where I deploy the latest release of a software system. To automate this I'd like to remotely deploy from olympus onto the other machines, which I try to do using ssh and git pull, but this fails with `Permission denied (publickey).` I basically do this and get:

    azg@olympus:~$ ssh azg@zeus 'cd ~/my/project/release/deploy/location/; git pull'
    Permission denied (publickey).
    fatal: The remote end hung up unexpectedly

I have the following:

  • Every machine has a different azg user (haven't had time to install LDAP etc) so I have azg@olympus, azg@zeus and azg@hera. For each user I have generated ssh id_rsa key pairs.
  • I have populated each azg user's authorized_keys with the corresponding id_rsa.pub of the others
  • The Stash azg user is configured with a copy of all id_rsa.pub for every azg user (azg@olympus, azg@zeus, azg@hera) so I can clone, pull or push from every machine via ssh without having to enter a password each time. Therefore I can do this with no problems:

    azg@olympus:~/code$ git clone ssh://azg@olympus:7999/pm/pm.git
    Cloning into 'pm'...        
    remote: Counting objects: 555, done.
    remote: Compressing objects: 100% (271/271), done.
    remote: Total 555 (delta 203), reused 555 (delta 203)
    Receiving objects: 100% (555/555), 9.54 MiB, done.
    Resolving deltas: 100% (203/203), done.
    

and I can do the same from each machine separately. However, I can't do it if I log in remotely first; namely, it asks me each time for the passphrase for key '/home/azg/.ssh/id_rsa', e.g.

    azg@olympus:~$ ssh azg@zeus
    Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.5.0-43-generic x86_64)

     * Documentation:  https://help.ubuntu.com/

    Last login: Wed Nov 27 17:01:33 2013 from olympus
    azg@zeus:~$ cdc
    azg@zeus:~/code$ git clone ssh://azg@olympus:7999/pm/pm.git
    Cloning into 'pm'...
    Enter passphrase for key '/home/azg/.ssh/id_rsa':  <<<<<<<<<<< WHY???
    remote: Counting objects: 555, done.
    remote: Compressing objects: 100% (271/271), done.
    remote: Total 555 (delta 203), reused 555 (delta 203)
    Receiving objects: 100% (555/555), 9.54 MiB | 145 KiB/s, done.
    Resolving deltas: 100% (203/203), done.

SQB
SkyWalker

1 Answer


It sounds like you created the RSA key pair on Zeus with a passphrase. (This is different from an account password; it is a passphrase to decrypt the key file itself.) Consider regenerating the key pair and make sure you don't enter anything when ssh-keygen asks for a passphrase.

Also, although some security experts might frown on the practice, I would recommend creating only one key pair and using it on all the machines. Then the authorized_keys file only needs one line and can be identical on all the hosts.

::edit:: As OP points out in comments, if your OS insists on saddling you with ssh-agent (which I would recommend disabling), you will need to run ssh-add on all the machines in order to get ssh-agent to stop issuing warnings.

dg99
  • Do I get it correctly that I should generate only one passphrase-less ssh key pair and use it on all machines? Does the host name play any role in the pub file, i.e. azg@zeus? – SkyWalker Nov 27 '13 at 16:13
  • Yes, that's what I would do. No, the `user@host` that gets put at the end of the line inside the public key file is just a comment. It's completely irrelevant. I usually replace mine with `dg99@global`, which is still meaningless but reminds me personally that I'm using this key pair in many places. – dg99 Nov 27 '13 at 16:16
  • Allrighty, it works, thanks! Just for completeness: following your answer as is, I would end up with the error `Agent admitted failure to sign using the key.`, and this is fixed by running `ssh-add` on all machines! Please update the answer and I will accept. – SkyWalker Nov 27 '13 at 16:32
  • I don't typically use `ssh-agent`, but I can see how that would be important if one does. – dg99 Nov 27 '13 at 16:33
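
The passphrase prompt in the question comes from the private key file itself being encrypted, which is what the answer identifies as the cause. As an added example (not part of the original question, answer or comments), this Python function reads a key file's header to tell whether it is passphrase-protected; the function names and the sample keys are constructed for illustration and contain no real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_passphrase_protected(key_text: str) -> bool:
    """Return True if a private key file's text shows it is encrypted."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if header != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (written by older ssh-keygen releases): encryption is
        # declared in a "Proc-Type: 4,ENCRYPTED" header above the base64 body.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                   for ln in lines[1:])
    # openssh-key-v1: magic, then a length-prefixed cipher name ("none" = plain).
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n] != b"none"

# --- Constructed samples: headers only, no real key material ---
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----"""

LEGACY_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----"""

def fake_openssh_key(cipher: bytes) -> str:
    """Build a constructed openssh-key-v1 header (cipher, kdf, empty options)."""
    def s(b): return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    body = base64.b64encode(OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----"

if __name__ == "__main__":
    for name, text in [("legacy+passphrase", LEGACY_ENCRYPTED), ("legacy plain", LEGACY_PLAIN),
                       ("openssh aes256-ctr", fake_openssh_key(b"aes256-ctr")),
                       ("openssh none", fake_openssh_key(b"none"))]:
        print(name, "->", key_is_passphrase_protected(text))
```

Call it with the text of `~/.ssh/id_rsa`; a `True` result means a non-interactive command such as `ssh host 'git pull'` can only use that key through an agent that already holds it.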