I am experimenting a little to familiarise myself with Deploy Keys and am not able to figure out why the following is not working:
root@host:~# GIT_SSH_COMMAND='ssh -i key -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
root@host:~# git clone firstname.lastname@example.org:*github-user*/*github-repo*.git
Cloning into '*github-repo*'...
email@example.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I have added the public key as a Deploy Key (read-only) to the github-repo.
The key file contains the matching private key.
github-user is the maintainer of github-repo and has ssh keys as well.
The host is a completely freshly installed Ubuntu 20.04 with no git or ssh operations done before this example.
git version 2.25.1
Why does this not work? Why the permission error?
Grateful for any thoughts and ideas what the issue is here. Thanks.
I notice you don’t export the GIT_SSH_COMMAND variable, so it’s not actually available to the subsequent git command. That’s probably the issue.
However, before you continue, I see a number of things there that practically yell really bad idea.
You’re running Git as root. Git doesn’t do anything that needs root access, and running anything as root unnecessarily is an unnecessary security risk.
You disable the SSH known hosts file and host key checking. This means that anyone who can mess with your network traffic can make you connect to anywhere they want, and have your Git command download whatever they want.
I assume that if you clone in root, you intend to use the repository as root. In combination with not checking the identity of the remote host that makes it really easy for an attacker to get remote code execution.
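
The export behaviour and the host key concern raised in the answer above, as an added example that is not part of the original thread. CHILD is a stand-in for git (any child process inherits the environment the same way), and the file name known_hosts_pinned is a hypothetical path for a known_hosts file that holds only the server's verified host keys.

```shell
#!/bin/sh
# Added example. CHILD stands in for git: a child process that reports the
# GIT_SSH_COMMAND it inherited from its parent shell.
CHILD='printf "%s" "${GIT_SSH_COMMAND-<unset>}"'

# Build an ssh command that keeps host key verification switched on.
# $1 = deploy key path, $2 = known_hosts file holding only the pinned host keys
# (both paths are assumptions; fill the file from the host keys the server
# operator publishes, after checking their fingerprints).
hardened_ssh_command() {
    printf 'ssh -i %s -o IdentitiesOnly=yes -o UserKnownHostsFile=%s -o StrictHostKeyChecking=yes' "$1" "$2"
}

# Case 1: plain assignment on its own line, as in the question.
# The variable stays local to the shell; the child never sees it.
case_unexported() (
    unset GIT_SSH_COMMAND
    GIT_SSH_COMMAND=$(hardened_ssh_command key known_hosts_pinned)
    sh -c "$CHILD"
)

# Case 2: exported, so every later child (git included) inherits it.
case_exported() (
    unset GIT_SSH_COMMAND
    GIT_SSH_COMMAND=$(hardened_ssh_command key known_hosts_pinned)
    export GIT_SSH_COMMAND
    sh -c "$CHILD"
)

# Case 3: assignment prefixed to the command; set for that one child only.
case_inline() (
    unset GIT_SSH_COMMAND
    GIT_SSH_COMMAND=$(hardened_ssh_command key known_hosts_pinned) sh -c "$CHILD"
)

printf 'unexported: %s\n' "$(case_unexported)"
printf 'exported:   %s\n' "$(case_exported)"
printf 'inline:     %s\n' "$(case_inline)"
```

With the variable missing, ssh falls back to its default identities, none of which is the deploy key, which matches the "Permission denied (publickey)" result in the question.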