Getting "permission denied" error while cloning a repository using SSH?

Question

I wrote a shell script to clone a repository from Git on more than 100 systems where I am logging to each system.

I tested the script by running it on the system that hosts it, but when I run the same script by logging in from other system using SSH, it gives me a "permission denied" error, though the script is present on the same system where I have to make the clone.

I am using Ruby 1.8.7.

For log in purpose I have created another script file in which first I am log in and run the script here is my code for it in my login.sh here $1 is that I am passing the port parameter to the login.sh

sshpass -p 1234 ssh -p $1 admin@localhost './my_update_steps.sh &' 

In script also makes the changes so that it can automatically handle key genration using keygen. Here is that code:

ssh-keygen -R myhostname
ssh-keyscan -H myhostname >> ~/.ssh/known_hosts
rm ~/.ssh/known_hosts.old

EDIT 1

By using this link I have made the changes in the .ssh/config file as

Host *
    StrictHostKeyChecking no 

but still it is given error as

Warning: Permanently added 'XXXX.XXXXX.XXXX.XXX'  to the list of known hosts.^M
Permission denied (publickey).^M
fatal: The remote end hung up unexpectedly

How can I resolve this error? Is there something that am I missing? and what is ^M meaning here.

Answer 1

Well, the information you have supplied is not sufficient to cure, but it’s fairly enough to set a diagnosis.

The reason of appearing ^M (Ctrl-M) character is windows/unix controversy of how the lines in text files are to be ended. Windows (and DOS) terminate lines of text with CR (^M, carriage return, ASCII code 13) followed by LF (linefeed, ASCII code 10). Linux uses just LF, so the carriage returns appear as part of the text. That trifle may break virtually everything. (Just a matter of fact, MacOS terminates text lines with CR only, making the hell even more burning.)

If you’ll try to transfer text files from win to nix box (and vice versa) with, say, binary FTP protocol, you’ll end up with trailing ^Ms (win⇒nix case) or with all the lines concatenated into one huge line with ^J (nix⇒win case, win doesn’t treat ^J≡LF alone as carriage returns). That’s why there is such a thing as a difference between FTP text/binary transfer.

Your error shows that you ran into EOL issue. Imagine your scripts as well as your ssh key files have trailing ^M. Public key is read from the beginning of line till it’s very end; extra trailing ^M makes key inappropriate (see string comparision: abc != abc^M, right?)

So. The summing up. I would suggest you to use the standard way to execute scripts on remote machines:

ssh … <<ENDSSH
command1.sh
command2.sh
…
commandN.sh
ENDSSH

This will delegate the EOL handling to operating systems, they’ll do their best. I’d be glad to answer some forthcoming questions, but for now that’s all the diagnostics I could provide basing on what you’ve posted.

Answer 2

If you're cloning a repository on the same host, you don't actually need to use the ssh protocol. You can clone more efficiently just by specifying the direct path:

git clone /home/admin/path/repository.git

Of course, the user doing the cloning will need read permission on the files in the repository. This can be a problem to maintain if you have many people pushing to the source repository; see these answers for some guidance on setting your permissions properly if that's the case.

As for your ssh problems: from what you're showing of your script, you're missing one final step, which is to install a copy of your public key into ~/.ssh/authorized_keys. This is necessary even if you're logging into localhost as the same user. You can do this with ssh-copy-id, which will also correct some permissions problems for you:

sshpass -p 1234 ssh-copy-id localhost

Answer 3

This error:

Permission denied (publickey).

is telling me that you're probably missing your key files on the other systems.

You'll need to make sure you have pushed your SSH keys to each system you are trying to clone from.

For brevity, your keys lives in ~/.ssh/ and are typically something like id_rsa.* (though they don't have to be).