Why can I pull ssh key without password, in terminal, but not through script? #22396
-
It’s a server running Ubuntu 20.04. With the root user, in the terminal, if I run git pull, it works ok, but if nginx runs a script for automatic deployment, it doesn’t do git pull, the message below appears: Host key verification failed. Please make sure you have the correct access rights See the ssh configuration file, in ~/.ssh/config: Host github.com Key Permissions: -rwxrwxrwx 1 _nginx _nodejs 411 Nov 24 14:52 id_ed25519 The goal is: a webhook calls for a url that calls a shell script that auto-deploys it on the server. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
cesarmsj:
The error message is about the host key, not your identity key. The host key is what GitHub’s SSH server uses for authentication, to ensure you’re talking to the right server (and not, say, deploying code provided by some MITM attacker). The correct host key must be listed in the user’s
cesarmsj:
As a side note, please avoid running things as root that don’t actually need root access. It’s an unnecessary risk. 🙂 |
Beta Was this translation helpful? Give feedback.
-
Thank you very much for the answer. Unfortunately, it didn’t work out. Includes the following line: github.com ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU in /var/www/.ssh/know_hosts, restarted ssh, and the message still continues to appear. I left /var/www/.ssh because looking in /etc/passwd, there it is: _nginx:x:998:1002::/var/www:/bin/false |
Beta Was this translation helpful? Give feedback.
-
Oops, I solved the case haha. The correct user is _nodejs and not _nginx. So your answer helped me, thank you very much! |
Beta Was this translation helpful? Give feedback.
-
cesarmsj:
You can’t copy the fingerprint for the last part, check your own
You can get the fingerprint from that with |
Beta Was this translation helpful? Give feedback.
The error message is about the host key, not your identity key. The host key is what GitHub’s SSH server uses for authentication, to ensure you’re talking to the right server (and not, say, deploying code provided by some MITM attacker).
The correct host key must be listed in the user’s
~/.ssh/known_hosts
file. You could either copy the relevant line from yours, or connect interactively as the nginx user and confirm after checking the fingerprint against this list: GitHub's SSH key fingerprints - GitHub DocsAs a side …