Ansible git 权限被拒绝(公钥)

tag-icon tag-icon git ansible
Ansible git 权限被拒绝(公钥) 
{
  "changed": false,
  "cmd": "/bin/git clone --bare ssh:********@enterprise.acme.net:7999/acme/acme-whm.git /usr/local/acme/.git",
  "msg": "Warning: Permanently added [enterprise.acme.net]:7999,[10.0.37.37]:7999 (RSA) to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.",                                               
  "rc": 128,
  "stderr": "Warning: Permanently added [enterprise.acme.net]:7999,[10.0.37.37]:7999 (RSA) to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",                                          
  "stderr_lines": [
    "Warning: Permanently added [enterprise.acme.net]:7999,[10.0.37.37]:7999 (RSA) to the list of known hosts.",                                                                                                            
    "Permission denied (publickey).",
    "fatal: Could not read from remote repository.",
    "",
    "Please make sure you have the correct access rights",
    "and the repository exists."
  ],
  "stdout": "Cloning into bare repository /usr/local/acme/.git...\n",
  "stdout_lines": [
    "Cloning into bare repository /usr/local/acme/.git..."
  ]
}

如果我有的话为什么我会遇到这个问题

accept_hostkey: True

在我的戏里?

- name: Clone Git                                                                             
    environment:                                                                                
      TMPDIR: "{{ acme_root }}"                                                               
    git:                                                                                        
      bare: yes                                                                                 
      track_submodules: yes                                                                     
      accept_hostkey: yes                                                                       
      repo: "{{ acme_repo_upstream }}"                                                        
      dest: "{{ acme_root }}/.git"

答案1

无论您是否可以连接到 Ansible 以及您对 Git 的选择是什么,如果您看到以下消息,

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:J6ErF8jeZVKGsg0db5u2hiNeQbH4pdGzPcbpGXZhOm8.
Please contact your system administrator.
Add correct host key in /home/ecarroll/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ecarroll/.ssh/known_hosts:50
  remove with:
  ssh-keygen -f "/home/ecarroll/.ssh/known_hosts" -R "10.1.38.15"
ECDSA host key for 10.1.38.15 has changed and you have requested strict checking.
Host key verification failed.

那么你的代理就不会转发。如果你跑步ssh-add -l你会看到,

Could not open a connection to your authentication agent.

而且,你必须跑

 ssh-keygen -f "/home/ecarroll/.ssh/known_hosts" -R "10.1.38.15"

然后重新连接。

相关内容