Tomcat 用户无法使用 Jenkins 和 Gitosis 正确中继 SSH 密钥
我有一个新的 Jenkins 设置,在 Ubuntu 中的 Tomcat6 服务器上作为 WAR 部署运行。我还在同一台服务器上为我的所有存储库安装了 Gitosis。
我一直致力于让 Jenkins 构建存储库,但未能成功在我的存储库服务器中为 Tomcat 设置 SSH 公钥。我首先使用命令 sudo su - tomcat6 以 Tomcat 身份登录,然后运行 ssh-keygen -t rsa。之后,我将 id_rsa.pub 密钥复制到 gitosis 存储库中的 keydir 目录。
所以这里是我的命令的基本概要:
sudo su - tomcat6
ssh-keygen -t rsa -C "tomcat6@trogdorsrv"
exit # Get back to my user
sudo cp /usr/share/tomcat6/.ssh/id_rsa.pub ~/gitosis-admin/keydir/tomcat6@trogdorsrv
我的下一步是打开 gitosos-admin 存储库中的 gitosis.conf 文件,并将我的新用户添加为存储库的管理员:
vim ~/gitosis-admin/gitosis.conf
gitosis.conf:
[group buildserver]
writable = repo-name
members = tomcat6@trogdorsrv
我还有其他成员和repo-name 是我实际存储库的名称。然后,我将 gitosis-admin 存储库推送到远程,并从另一个存储库用户向其提交一些数据。
我可以从其他用户那里读取和写入我的存储库,但是当我尝试使用 Tomcat 时,出现无法登录的错误。我尝试再次以 Tomcat 身份登录并手动执行 git 克隆,以便将 git 服务器的指纹添加到known_hosts,当我进行克隆时,它会询问我的 git 用户密码。
我是不是做错了什么才能让 Jenkins SSH 密钥进入 Gitosis?
I have a new setup of Jenkins running as a WAR deployment on a Tomcat6 server in Ubuntu. I also have, on that same server, and install of Gitosis for all of my repositories.
I have been working on getting Jenkins to build the repositories, but have been unsuccessful in getting the SSH public key setup for Tomcat in my repo server. I started out by logging in as Tomcat with the command sudo su - tomcat6 and ran ssh-keygen -t rsa. After that I copied the id_rsa.pub key to the keydir directory in the gitosis repo.
So here is the basic rundown of my command:
sudo su - tomcat6
ssh-keygen -t rsa -C "tomcat6@trogdorsrv"
exit # Get back to my user
sudo cp /usr/share/tomcat6/.ssh/id_rsa.pub ~/gitosis-admin/keydir/tomcat6@trogdorsrv
My next step was to open the gitosis.conf file in the gitosos-admin repo and add my new user as the administrator of the repos:
vim ~/gitosis-admin/gitosis.conf
gitosis.conf:
[group buildserver]
writable = repo-name
members = tomcat6@trogdorsrv
I also have other members and the repo-name is the name of my actualy repo. I then pushed the gitosis-admin repo up to the remote and commited some data to it from another repo user.
I am able to read and write to my repo from the other users, but when I try to use Tomcat I get an error that it can't login. I tried logging in as Tomcat again and doing a git clone manually so that the git server's fingerprint was added to the known_hosts and when I did the clone it asked me for my git users password.
Soooo am I doing something wrong to get Jenkins SSH keys into Gitosis?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
问题是我在 keydir 中将我的公钥命名为 tomcat6@server,而 gitosis 要求文件名为 [电子邮件受保护] 使用它,即使我确实复制了公钥。
The problem was that I named my public key tomcat6@server in the keydir, whereas gitosis requires the file to be names [email protected] to use it even though I did copy the public key.
看起来您缺少一个步骤:
将 ssh 公钥复制到服务器后,您需要将其内容添加到
~/.ssh 文件夹中调用的文件中。只需做一个简单的
cat id_rsa.pub >>> ~/.ssh/authorized_keys在你的目标服务器上,你应该能够在没有密码的情况下登录。这有效吗?
It looks like you are missing a step:
After you copy your ssh pub key to the server, you need to add its contents to a file called
in the ~/.ssh folder. Just do a simple
cat id_rsa.pub >> ~/.ssh/authorized_keyson your target server, and you should be able to log in without a password.Does this work?