Elastic beanstalk 访问私有 git repo

Question 1

我将其添加到我的 ebextensions 中。这是我用来连接代码提交的。我需要指定用户并忽略主机密钥检查。希望这对任何路过的人有所帮助...

commands:
    add_ssh_config:
        command: printf "Host git-codecommit.*.amazonaws.com\r\n  StrictHostKeyChecking no\r\n  User <name-of-user>\r\n  IdentityFile ~/.ssh/<name-of-key>.pem" > /home/ec2-user/.ssh/config"

Answer

我将其添加到我的 ebextensions 中。这是我用来连接代码提交的。我需要指定用户并忽略主机密钥检查。希望这对任何路过的人有所帮助...

commands:
    add_ssh_config:
        command: printf "Host git-codecommit.*.amazonaws.com\r\n  StrictHostKeyChecking no\r\n  User <name-of-user>\r\n  IdentityFile ~/.ssh/<name-of-key>.pem" > /home/ec2-user/.ssh/config"

Question 2

主机密钥验证意味着主机本身无法验证。当您首次使用 ssh 连接到主机时，ssh 会询问您以下问题。这就是主机密钥验证。

The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be established.
RSA key fingerprint is a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
Are you sure you want to continue connecting (yes/no)?

为了安全地传递，您可以ssh-keyscan <repo-host>在本地使用并创建一个known_hosts包含输出的文件。

因此对于 GitHub 来说，这将是

$ ssh-keyscan github.com
# github.com:22 SSH-2.0-babeld-f43b814b
# github.com:22 SSH-2.0-babeld-f43b814b
# github.com:22 SSH-2.0-babeld-f43b814b
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

因此 ebextension 看起来像这样：

packages:
  yum:
    git: []

container_commands:
    01-move-ssh-keys:
        command: "cp .ssh/* ~root/.ssh/; chmod 400 ~root/.ssh/tca_read_rsa; chmod 400 ~root/.ssh/tca_read_rsa.pub; chmod 644 ~root/.ssh/known_hosts;"
    02-add-ssh-keys:
        command: "ssh-add ~root/.ssh/tca_read_rsa"
    03-add-known-hosts:
        command: "echo 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' > ~root/.ssh/known_hosts"
    04-fix-perm:
        command: "chmod 400 ~root/.ssh/known_hosts"

Answer

主机密钥验证意味着主机本身无法验证。当您首次使用 ssh 连接到主机时，ssh 会询问您以下问题。这就是主机密钥验证。

The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be established.
RSA key fingerprint is a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
Are you sure you want to continue connecting (yes/no)?

为了安全地传递，您可以ssh-keyscan <repo-host>在本地使用并创建一个known_hosts包含输出的文件。

因此对于 GitHub 来说，这将是

$ ssh-keyscan github.com
# github.com:22 SSH-2.0-babeld-f43b814b
# github.com:22 SSH-2.0-babeld-f43b814b
# github.com:22 SSH-2.0-babeld-f43b814b
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

因此 ebextension 看起来像这样：

packages:
  yum:
    git: []

container_commands:
    01-move-ssh-keys:
        command: "cp .ssh/* ~root/.ssh/; chmod 400 ~root/.ssh/tca_read_rsa; chmod 400 ~root/.ssh/tca_read_rsa.pub; chmod 644 ~root/.ssh/known_hosts;"
    02-add-ssh-keys:
        command: "ssh-add ~root/.ssh/tca_read_rsa"
    03-add-known-hosts:
        command: "echo 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' > ~root/.ssh/known_hosts"
    04-fix-perm:
        command: "chmod 400 ~root/.ssh/known_hosts"

Elastic beanstalk 访问私有 git repo

答案1

答案2

相关内容