的Git从PHP文件中使用了shell_exec私钥取

Question

我建立了一个PHP脚本，执行对特定文件夹的混帐获取：

确切的命令是：

usr/bin/git --git-dir=/home/bathan/www/sync_test/repo3//.git --work-tree=/home/bathan/www/sync_test/repo3/ fetch 

当然，如果我在命令行上运行它可以很好地工作。

现在，当我运行这个使用了shell_exec我得到以下错误：

Permission denied, please try again. 
Permission denied, please try again. 
Permission denied (publickey,gssapi-with-mic,password). 
fatal: The remote end hung up unexpectedly 

展望服务器的尝试连接，确切的错误是：

Apr 8 10:52:17 myserver sshd[26230]: Failed password for git from 192.15.136.253 port 32878 ssh2

那么，好吧。我猜这个shell_exec不能读取我设置的〜/ .ssh/id_rsa密钥。所以我给这个文件777权限，我得到这个错误。

@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@ Permissions 0777 for '/home/bathan/.ssh/id_rsa' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /home/bathan/.ssh/id_rsa Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,gssapi-with-mic,password). fatal: The remote end hung up unexpectedly

所以我想git是能够读取密钥文件。如果我把它恢复到正确的权限，我会再次回到第一个错误。

注意：我的apache服务器设置为与我的同一用户（bathan）一起运行，并且这是一个ubuntu盒子。

这是SSH -v响应

OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010 
Pseudo-terminal will not be allocated because stdin is not a terminal. 
debug1: Reading configuration data /home/bathan/.ssh/config 
debug1: Applying options for gitserver 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: Applying options for * 
debug1: Connecting to git.myserver.com [77.171.171.229] port 22. 
debug1: Connection established. 
debug1: identity file /home/bathan/.ssh/id_rsa type 1 
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1023 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1023 
debug1: identity file /home/bathan/.ssh/id_rsa-cert type -1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 
debug1: match: OpenSSH_4.3 pat OpenSSH_4* 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 
debug1: Host 'git.myserver.com' is known and matches the RSA host key. 
debug1: Found key in /home/bathan/.ssh/known_hosts:4 
debug1: ssh_rsa_verify: signature correct 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: SSH2_MSG_NEWKEYS received 
debug1: Roaming not allowed by server 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,gssapi-with-mic,password 
debug1: Next authentication method: gssapi-with-mic 
debug1: Unspecified GSS failure. Minor code may provide more information 
Credentials cache file '/tmp/krb5cc_1000' not found 
.. 
.. 

什么想法？

Answer 1

确定的PHP脚本使用相同的用户在安装~/.ssh/id_rsa与执行？

E.g.在许多环境中，网络服务器（例如Apache）由www-data运行。而我只是猜测www-data不是id_rsa所在的$HOME/.ssh/的用户。

尝试硬编码的SSH密钥的位置在.ssh/config：

Host gitserver 
Hostname fqdn.example.org 
IdentityFile /home/THE-USER/.ssh/id_rsa 

如果这没有帮助，调试像这样：

从PHP：

<?php 
shell_exec("ssh -v gitserver"); 

查看在这种情况下使用哪些键来了解为什么它可能不起作用。

Answer 2

我发现了这个问题。

rsa_id正在使用释义，显然没有被脚本输入。

我删除与意译：SSH-凯基-p和它的工作就像一个魅力。

感谢大家的帮助！