我建立了一个PHP脚本,执行对特定文件夹的混帐获取:的Git从PHP文件中使用了shell_exec私钥取
确切的命令是:
usr/bin/git --git-dir=/home/bathan/www/sync_test/repo3//.git --work-tree=/home/bathan/www/sync_test/repo3/ fetch
当然,如果我在命令行上运行它可以很好地工作。
现在,当我运行这个使用了shell_exec我得到以下错误:
Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-with-mic,password). fatal: The remote end hung up unexpectedly
展望服务器的尝试连接,确切的错误是:
Apr 8 10:52:17 myserver sshd[26230]: Failed password for git from 192.15.136.253 port 32878 ssh2
那么,好吧。我猜这个shell_exec不能读取我设置的〜/ .ssh/id_rsa密钥。所以我给这个文件777权限,我得到这个错误。
@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@ Permissions 0777 for '/home/bathan/.ssh/id_rsa' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /home/bathan/.ssh/id_rsa Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-with-mic,password). fatal: The remote end hung up unexpectedly
所以我想git是能够读取密钥文件。如果我把它恢复到正确的权限,我会再次回到第一个错误。
注意:我的apache服务器设置为与我的同一用户(bathan)一起运行,并且这是一个ubuntu盒子。
这是SSH -v响应
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /home/bathan/.ssh/config
debug1: Applying options for gitserver
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to git.myserver.com [77.171.171.229] port 22.
debug1: Connection established.
debug1: identity file /home/bathan/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1023
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1023
debug1: identity file /home/bathan/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'git.myserver.com' is known and matches the RSA host key.
debug1: Found key in /home/bathan/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
..
..
什么想法?
正如我所说,我的apache服务器设置为与我的同一用户(bathan)一起运行。我在apache.conf上修改了这个目的,以确保使用完全相同的用户。 – Bathan 2011-04-08 18:44:33
好的,扩展我的答案,用一个有用的调试 – Till 2011-04-08 18:57:43
而不是改变Apache作为你的用户运行,为什么不把你的密钥复制到Apache的.ssh目录? – 2011-04-08 19:05:08