Comments (13)
It looks like git is trying to read a passphrase – is your key signed with a passphrase perhaps?
from git-lambda-layer.
It looks like git is trying to read a passphrase – is your key signed with a passphrase perhaps?
@mhart thanks for looking into this. Initially thought same. Verified by creating a key with no passphrase (pressing enter during keygen). Also, verified locally
udhavpawar$ ssh -T -i gitLambda [email protected]
Hi UdhavPawar! You've successfully authenticated, but GitHub does not provide shell access.
from git-lambda-layer.
Actually, the read_passphrase: can't open /dev/tty: No such file or directory
line might be a red herring – it could be completely unrelated.
Are you sure that the key is correct? Can you reproduce this locally (by writing the key from SSM to a file in exactly the same way?)
from git-lambda-layer.
Hang on – I've just realized – the command you're executing with subprocess
is ssh -v [email protected]
🤦
That's not git
! ssh
doesn't know anything about the GIT_SSH_COMMAND
environment variable – only git
uses this.
If you want to test ssh
, then you should specify all those other options on the command line too:
cmd = 'ssh -v -o StrictHostKeyChecking=no -i /tmp/gitLambdaKey -T [email protected]'
from git-lambda-layer.
- @mhart Was following instructions
process.env.GIT_SSH_COMMAND = 'ssh -o UserKnownHostsFile=/tmp/known_hosts -i /tmp/id_rsa'
mentioned on lambci's README.md. - Updated lambda function's command with git ssh command options
import os
import subprocess
import boto3
import git
import re
def lambda_handler(event, context):
# get SSH key
ssm = boto3.client('ssm')
parameter = ssm.get_parameter(Name='gitLambda')
private_key = parameter['Parameter']['Value']
# save SSH key in /tmp and chmod permissions
with open('/tmp/gitLambdaKey', 'w') as outfile:
outfile.write(private_key)
os.chmod('/tmp/gitLambdaKey', 0o400) # leading 0 in python2 and 0o in python 3 defines octal
# clean up /tmp and make dir for repo
os.system("rm -rf /tmp/* ; mkdir /tmp/git")
# To fix - Warning: Remote Host Identification Has Changed error clear known hosts for github.com first then add new
os.system('ssh-keygen -f "/tmp/known_hosts" -R "github.com"')
with open('/tmp/known_hosts', 'w') as outfile:
outfile.write("github.com,192.30.252.*,192.30.253.*,192.30.254.*,192.30.255.*,140.82.113.* ssh-rsa AAA...uScU= [email protected]")
os.environ['GIT_SSH_COMMAND'] = "ssh -o UserKnownHostsFile=/tmp/known_hosts -o StrictHostKeyChecking=no -i /tmp/gitLambdaKey"
try:
cmd = 'ssh -v -o StrictHostKeyChecking=no -i /tmp/gitLambdaKey -T [email protected]'
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True, universal_newlines=True)
except subprocess.CalledProcessError as exc:
print("Status FAIL:", exc.returncode, exc.output)
else:
print("Output: \n{}\n".format(output))
- verified locally, authentication works using same SSH key
udhav:.ssh udhavpawar$ ssh -o StrictHostKeyChecking=no -i ./gitLambdaKey -T [email protected]
Hi UdhavPawar! You've successfully authenticated, but GitHub does not provide shell access.
- But lambda still throws same error
START RequestId: 79589a04-830d-4a48-af70-ded48f90e6bb Version: $LATEST
do_known_hosts: hostkeys_foreach failed: No such file or directory
Status FAIL: 255 Warning: Identity file /tmp/gitLambdaKey not accessible: No such file or directory.
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /opt/etc/ssh/ssh_config
debug1: /opt/etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to github.com [140.82.112.3] port 22.
debug1: Connection established.
debug1: SELinux support disabled
Could not create directory '/home/sbx_user1051/.ssh'.
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/sbx_user1051/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version babeld-b447314b
debug1: no match: babeld-b447314b
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
Failed to add the host to the list of known hosts (/home/sbx_user1051/.ssh/known_hosts).
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sbx_user1051/.ssh/id_rsa
debug1: Trying private key: /home/sbx_user1051/.ssh/id_dsa
debug1: Trying private key: /home/sbx_user1051/.ssh/id_ecdsa
debug1: Trying private key: /home/sbx_user1051/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
END RequestId: 79589a04-830d-4a48-af70-ded48f90e6bb
REPORT RequestId: 79589a04-830d-4a48-af70-ded48f90e6bb Duration: 1591.44 ms Billed Duration: 1600 ms Memory Size: 128 MB Max Memory Used: 79 MB Init Duration: 249.79 ms
lmk if any additional info is needed. ty.
from git-lambda-layer.
The error says:
Status FAIL: 255 Warning: Identity file /tmp/gitLambdaKey not accessible: No such file or directory.
Because you delete the file after you create it!
os.system("rm -rf /tmp/* ; mkdir /tmp/git")
Also – you might want to regenerate that private key that you posted initially, if you haven't already
from git-lambda-layer.
Thanks for pointing that out @mhart . Giving it a last try.
Updated Lambda function:
import os
import subprocess
import boto3
import git
import re
def lambda_handler(event, context):
# clean up /tmp
os.system("rm -rf /tmp/*")
# get SSH key
ssm = boto3.client('ssm')
parameter = ssm.get_parameter(Name='gitLambda')
private_key = parameter['Parameter']['Value']
# save SSH key in /tmp and chmod permissions
with open('/tmp/gitLambdaKey', 'w') as outfile:
outfile.write(private_key)
os.chmod('/tmp/gitLambdaKey', 0o400) # leading 0 in python2 and 0o in python 3 defines octal
# make dir for repo
os.system("mkdir /tmp/git")
# To fix - Warning: Remote Host Identification Has Changed error clear known hosts for github.com first then add new
os.system('ssh-keygen -f "/tmp/known_hosts" -R "github.com"')
with open('/tmp/known_hosts', 'w') as outfile:
outfile.write("github.com,192.30.252.*,192.30.253.*,192.30.254.*,192.30.255.*,140.82.113.* ssh-rsa private-key")
os.environ['GIT_SSH_COMMAND'] = "ssh -o UserKnownHostsFile=/tmp/known_hosts -o StrictHostKeyChecking=no -i /tmp/gitLambdaKey"
try:
cmd = 'ssh -v -o StrictHostKeyChecking=no -i /tmp/gitLambdaKey -T [email protected]'
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True, universal_newlines=True)
except subprocess.CalledProcessError as exc:
print("Status FAIL:", exc.returncode, exc.output)
else:
print("Output: \n{}\n".format(output))
Error still says:
START RequestId: 1e534932-20f4-4995-b7b4-8b45ba1c031c Version: $LATEST
do_known_hosts: hostkeys_foreach failed: No such file or directory
Status FAIL: 255 OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /opt/etc/ssh/ssh_config
debug1: /opt/etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to github.com [140.82.112.3] port 22.
debug1: Connection established.
debug1: SELinux support disabled
Could not create directory '/home/sbx_user1051/.ssh'.
debug1: key_load_public: No such file or directory
debug1: identity file /tmp/gitLambdaKey type -1
debug1: key_load_public: No such file or directory
debug1: identity file /tmp/gitLambdaKey-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version babeld-b447314b
debug1: no match: babeld-b447314b
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
Failed to add the host to the list of known hosts (/home/sbx_user1051/.ssh/known_hosts).
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /tmp/gitLambdaKey
debug1: read_passphrase: can't open /dev/tty: No such file or directory
debug1: No more authentication methods to try.
Permission denied (publickey).
from git-lambda-layer.
Looks like the key isn't valid
from git-lambda-layer.
You could try running in a more verbose mode (-vv
or -vvv
) to see if there's more details
from git-lambda-layer.
@mhart after creating a fresh key, tried diff methods:
- using manual key with lambda funciton.
- fetching it from AWS SSM, storing it in /tmp dir.
But none of the methods have worked so far. lmk if I should try any other method or any other reference readme. TY for your guidance and time.
from git-lambda-layer.
Waited for reply, but I guess team is busy. Will figure out work-around. TY @mhart for your guidance and time.
from git-lambda-layer.
Hi @UdhavPawar ! Did you figure out any work-around? Thanks in advance.
from git-lambda-layer.
Hi @UdhavPawar ! Did you figure out any work-around? Thanks in advance.
@adriancuero Tried but it didn't work. My usecase was running some automated git actions in lambda, but now that's supported by default with git workflow actions. Check if that fits your bill
from git-lambda-layer.
Related Issues (20)
- Nodejs12 doesn't seem to be working with layer v3? HOT 2
- Lambda nodejs12.x - Permission denied (Public Key) HOT 2
- Could you add the build process? HOT 3
- File too short on shared library libpcre2-8.so.0 HOT 6
- Add support for git lfs HOT 4
- Cannot load PCRE HOT 6
- AccessDeniedException on Gov Cloud? HOT 4
- Python import git module error for AWS Lambda HOT 1
- Could not deploy because lambda with layer exceeded 250 mb... HOT 3
- How to use "git push" ? HOT 7
- Support for GIT v2.30.2 because of Security Vulnerability HOT 3
- [Question] Uploading my own zip file HOT 5
- Support for using layer.zip with AWS Lambda containers HOT 7
- Support for using aws cli executable
- clone with ssh protocol hit issues
- Support for arm64 lambdas HOT 3
- How can I create my own layer? HOT 4
- using layer with python in Lambda function HOT 2
- Update to latest versions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from git-lambda-layer.