search

ansistrano / deploy

Ansible role to deploy scripting applications like PHP, Python, Ruby, etc. in a capistrano style
https://ansistrano.com
MIT License
2.37k stars 343 forks source link

Question/Bug: Git - Permission denied (publickey) - Update remote repository using SSH key #394

Closed newfylox closed 1 year ago

newfylox commented 1 year ago

Hi, I don't know if it's something I'm missing or if it's a bug, but like Capistrano, I was thinking that Ansistrano was using the same SSH key that is used to SSH on the server to clone the Github repository, hence not necessary to provide a path to the local SSH key.

For example, if I'm on my laptop, the command git clone git@github.com:my/repository.git works, so I thought it would work on the remote server that Ansistrano is connecting through SSH.

Of course, I tried with or without providing a local SSH key.

I have a minimal configuration like this

# deploy-playbook.yml
---
- name: Deploy My App
  hosts: "{{ HOSTS | default(omit) }}"
  vars:
    ansistrano_deploy_from: "{{ playbook_dir }}/"
    ansistrano_deploy_to: "/var/www/{{ domain_name }}"
    ansistrano_keep_releases: 3
    ansistrano_deploy_via: git
    ansistrano_git_repo: git@github.com:my/repository.git
    # ansistrano_git_identity_key_path: "./id_rsa.pub" # I tried both, with or without
    ansistrano_git_branch: master
    ansistrano_git_depth: 1
  roles:
    - { role: ansistrano.deploy }

and I get this error

fatal: [staging1]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote git@github.com:my/repository.git -h refs/heads/master", "msg": "Load key \"/var/www/html/git_identity_key\":********@github.com: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Load key \"/var/www/html/git_identity_key\": error in libcrypto\r\ngit@github.com: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["Load key \"/var/www/html/git_identity_key\": error in libcrypto", "git@github.com: Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}

Of course, git@github.com:my/repository.git is not the real repository

mlvnds commented 1 year ago

It seems that you tried with your public ssh key, did you try to use your local private key instead ~/.ssh/id_rsa ? Also make sure the ssh key you mention is allowed to clone your repository and check your ~/.ssh/config file to see if there is no mistakes about your configuration with hosts that you are trying to reach (like a wrong or outdated key left)

ricardclau commented 1 year ago

Not an Ansistrano bug, please check the Ansible docs to see how to use SSH keys correctly