Benyi Benyi - 1 month ago 14
PHP Question

Github authentication failed with user www-data

I'm setting up a hook between Github and my server, which can auto pull new commits when the script triggered by Github requests.

It's all setting finished, like ssh-keys, git origin. I can pull a new commit from my private repo hosted on Github by running

git pull origin master
. It's works fine with the shell.

But when I write that command into a
deploy.php
file, it can be triggered by Github, but with error message.

Host key verification failed. fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.


After that, I run a command
whoami
through the php file, it returns user
www-data
.

Actually, I generate a key for
www-data
user, and put them in
/var/www/.ssh
, also copied
id_rsa.pub
and pasted it to Github, still have an authentication failure.


  • nginx

  • All files are set to belong
    www-data:www-data

  • I have add
    www-data
    's public key to the repo's deploy keys.



The
deploy.php
command

shell_exec("cd /var/www/html/tinfo/; git pull origin master 2>&1;");


My question is


  1. How to create a key for
    www-data
    ?

  2. Is
    www-data
    's
    .ssh
    directory
    /var/www/.ssh
    ?

  3. If I'm not wrong, why does github refuse my connection? I guess it's related about the user
    www-data
    who execute
    deploy.php
    file and run commands through PHP.

  4. When talk to Github server, does
    www-data
    not sent its private key to the server?



Thank you so much.

Answer

This problem solved with adding GitHub to known hosts according to Benyi's comment.

ssh-keyscan -t rsa github.com >> /var/www/.ssh/known_hosts

You should specify ssh key firstly. After that, you should do git tasks what you want.

1-) Ssh keys are not user specific. So you can create rsa key pair everywhere. Public key should be copied to github. Private key should be placed on your host.

2-) In linux environment, default .ssh folder path is under the users home directory. If you do not specify user's home folder, it should be in /home/www-data/.ssh. If you can not access this folder you should specify your ssh key that have written in my example.

3-) In linux environment, deploy.php runned by user who executing nginx process. Commonly apache2 and nginx processes executed by www-data user.

4-) You should specify your ssh key path for sending this key file for authorization when you talk with github server.