How to config Shell user to use it as git autodeploy?

Discussion in 'Installation/Configuration' started by kadikey-developer, Dec 28, 2024.

  1. I configured a site as a vhost subdomain, so it is placed in /var/www/clients/clientid/webid/subdomain/public_html/. I also created a Shell user without jailkit, and its folder was created in /var/www/clients/clientid/webid/home/shellusername/. When I connect as this user, it shows me that I'm connected as webid@ispserver. Under this user I initialized a git repo in /var/www/clients/clientid/webid/subdomain/, added a remote and tried to fetch, but it didn't fetch. Then I tried to connect manually to the git ssh server with the -v option and saw that it can't create a file in /var/www/clients/clientid/webid/.ssh.
    Why doesn't it use the /var/www/clients/clientid/webid/home/shellusername/.ssh folder, or how do I configure the user to be able to use the webid/.ssh folder?
     
  2. till (Super Moderator, Staff Member, ISPConfig Developer)

    So, it seems like GIT fails to use the user's correct home directory on your system and uses the directory of the web user instead. What you can try to do is to create the .ssh directory in the location that GIT tries to use:

    Code:
    chattr -i /var/www/clients/clientid/webid
    mkdir /var/www/clients/clientid/webid/.ssh
    chown webid:clientid /var/www/clients/clientid/webid/.ssh
    chattr +i /var/www/clients/clientid/webid


    Probably, the GIT developers did not take into account that Linux allows multiple users to have the same UID, and GIT should have looked up the home directory by username and not taken the one of the first user where the UID matches but not the username.
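
The shared-UID situation described in post #2, as an added example that is not part of the original thread: it lists the passwd entries that share a UID and shows which home directory a lookup by UID (first match wins) returns. The login name `deployer`, the UID 5049 and the function names are assumptions made for illustration; the sample passwd lines are constructed.

```shell
# Added example: why a tool that resolves "home" by UID ends up in the web
# user's directory when a shell user shares that UID.

# Print "login:home" for every entry in passwd file $1 whose UID is $2.
entries_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1 ":" $6 }' "$1"
}

# Home directory a by-UID lookup resolves to: the first matching entry.
home_by_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $6; exit }' "$1"
}

# Home directory recorded for login name $2, regardless of UID sharing.
home_by_name() {
    awk -F: -v name="$2" '$1 == name { print $6; exit }' "$1"
}

# Succeeds when login $2 has a different home than the by-UID lookup gives,
# i.e. when UID-based tools will use another entry's ~/.ssh.
home_mismatch() {
    uid=$(awk -F: -v name="$2" '$1 == name { print $3; exit }' "$1")
    [ "$(home_by_uid "$1" "$uid")" != "$(home_by_name "$1" "$2")" ]
}

# Constructed sample: web user and shell user share UID 5049 (hypothetical).
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
web45:x:5049:5005::/var/www/clients/client2/web45:/bin/false
deployer:x:5049:5005::/var/www/clients/client2/web45/home/deployer:/bin/bash
EOF

entries_for_uid "$SAMPLE_PASSWD" 5049
home_mismatch "$SAMPLE_PASSWD" deployer && echo "deployer: by-UID home differs"
```

On the server itself, `getent passwd "$(id -u)"` shows which entry the by-UID lookup returns for the logged-in user.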
     
  3. No, it's not that git can't; this error occurs when I'm trying to use the ssh git@gitlabserver command and it tries to use the .ssh directory from the webid folder.
    It is already there; it is created when the subdomain site is created. That is why I think that changing attributes in the terminal isn't a good idea; they can be changed back if the site settings are changed.
     
  4. till (Super Moderator, Staff Member, ISPConfig Developer)

    Which user and group owns the directory at the moment? SSH seems to be not the problem here as you said, you can connect by SSH, so SSH works fine. SSH not being able to write an optional file does not mean that it does not work as long as you are able to log in. So what fails here is git; you should check why git cannot fetch the data. Probably you blocked outgoing connections from your server to the git system e.g. in an external firewall or a firewall of your cloud provider.
     
    Last edited: Dec 28, 2024
  5. till (Super Moderator, Staff Member, ISPConfig Developer)

    You can also try to specify the HOME directory explicitly:

    HOME=/var/www/clients/clientid/webid/home/shellusername/ ssh git@gitlabserver

    Or try using a jailed SSH user, which would be more secure anyway. If you are using key based authentication and SSH does not find the key, then you can also specify the key path.
     
  6. Maybe there is a problem with my English. I was trying to say that there is a problem with SSH, because I tried to connect manually to the git server with the command "ssh -v [email protected]" and got the message that it can't write to known_hosts in a directory, or something like that. However, I solved the problem - it was because I created a Website with the main domain for the client as Admin and then created the SSH user as a Client. This also made a webId folder in /var/www/clients/client0/ and SSH was trying to use that directory. I deleted the site and the SSH user, and recreated them as a Client.
    But now I have another problem. I need to use SSH keys to connect to [email protected]. I placed the private key in /var/www/clients/clientID/.ssh/, tried to connect manually using the SSH command and got the message that this key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0644 for '/var/www/clients/client2/web45/.ssh/id_ed25519' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    I changed the permissions of id_ed25519, so now it has:
    -rw------- 1 web45 client2 411 Dec 7 2023 id_ed25519
    and now I can fetch the git remote repository.
    But by default everything in .ssh/ is created with 644 permissions. Can I change it somehow to 600 by default?
     
  7. till (Super Moderator, Staff Member, ISPConfig Developer)

    If you manually create or copy a key, you must set proper permissions for it manually.
     
  8. OK.
    But it seems strange that the new ssh-user uses the clientID/webID/.ssh/ folder instead of the clientID/webID/.ssh/home/sshUserName/.ssh folder. Is there any way to change this?
     
  9. till (Super Moderator, Staff Member, ISPConfig Developer)

    Did you create that user manually? Users created by ISPConfig use this folder: clientID/webID/.ssh/home/sshUserName/.ssh and that's where ISPConfig stores the public key when you add one using ISPConfig. Or, as I mentioned already, you use an application that uses the wrong .ssh folder; in that case, specify the correct folder and key path when using that application.
     
  10. I created this user in the ISPConfig panel, in the side menu under the "command line" section - "SSH\SFTP - user".
    And the folder client2/web45/.ssh/home/sshUserName/.ssh is created automatically.
    But when I log in I see that I am logged in as web45@isp.
    And when I'm connecting to any ssh server with the -v option I see that it is using the clientID/web45/.ssh/ folder.
    I didn't install any other apps.
     
  11. till (Super Moderator, Staff Member, ISPConfig Developer)

    I've already explained that in post #2. This also depends on how you created the user, if you created it as jailkit user, it would show the login username.

    As I mentioned in post #9, you can tell applications like the ssh command which key to use from which folder.
     
  12. Sorry, didn't understand that. Yes, when I use jailkit, it will use username. I thought this variant isn't suitable for me, but now I tried it again and see that this is the best way. Thanks.
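
The two pieces of advice from posts #7 and #11 (set key permissions yourself, and tell ssh which key and folder to use), as an added example that is not part of the original thread. The function names and the temporary demo paths are assumptions made for illustration; `-i`, `IdentitiesOnly`, `UserKnownHostsFile` and `GIT_SSH_COMMAND` are standard OpenSSH and git settings.

```shell
# Added example: keep a deploy key private and point ssh/git at it explicitly.

# Copy private key $1 into directory $2 under umask 077, so the directory
# (if new) is created 700 and the copy 600 whatever mode the source had.
install_key() {
    ( umask 077 && mkdir -p "$2" && cp "$1" "$2/" )
}

# Repair an existing directory: 700 on it, 644 on *.pub, 600 on the rest.
harden_ssh_dir() {
    chmod 700 "$1" || return 1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub) chmod 644 "$f" ;;
            *)     chmod 600 "$f" ;;
        esac
    done
}

# Succeed only if file $1 grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print an ssh command pinned to key $1 and known_hosts file $2 (paths are
# assumed to contain no whitespace). Refuses a key that is too open.
deploy_ssh_command() {
    key_is_private "$1" || { echo "refusing $1: mode too open" >&2; return 1; }
    printf 'ssh -i %s -o IdentitiesOnly=yes -o UserKnownHostsFile=%s\n' "$1" "$2"
}

# Constructed demo in a temporary directory; the "key" is a placeholder file.
DEMO=$(mktemp -d)
printf 'placeholder, not a real key\n' > "$DEMO/id_ed25519"
chmod 644 "$DEMO/id_ed25519"
install_key "$DEMO/id_ed25519" "$DEMO/home/.ssh"
deploy_ssh_command "$DEMO/home/.ssh/id_ed25519" "$DEMO/home/.ssh/known_hosts"
# Typical use (not run here):
#   GIT_SSH_COMMAND=$(deploy_ssh_command "$key" "$known_hosts") git fetch origin
```

To make the setting persistent for one repository, the same command string can be stored with `git config core.sshCommand`.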
     
