Hello Rickard, Thanks to correct me.
Now i am able to clone the repository as root user. But when try to switch the user deploy getting permission denied error. Which you already explained to me. Really appreciated and thanks for your time and support. On Monday, January 7, 2019 at 2:18:00 PM UTC+5:30, Rickard von Essen wrote: > > I don't think you understand the error message. > > You don't have a tty so you can't type yes to add the hsot key to the > known hosts file. Just add: > -o StrictHostKeyChecking=no > To your ssh commands. > > On Mon, Jan 7, 2019, 09:31 Tekchand Dagar <[email protected] > <javascript:> wrote: > >> Hello Rickard, >> >> I am aware about the below error: >> >> Host key verification failed >> >> Below is the scenario at my end: >> >> 1. We have gitlab server and my laptop public SSH key is there for a >> repository and i am able to clone it over my laptop. >> 2. I have installed Virtualbox over my laptop and packer is running there. >> 3. I have copied my laptop Private SSH key on packer machine in a file >> and run the below command on packer machine: >> eval "$(ssh-agent)" >> ps aux | grep ssh >> ssh-add /path/to/my/private/ssh/key/file >> >> Can you please help me why its showing this error? Where i need to add my >> private key? >> >> Thanks. >> >> >> On Monday, January 7, 2019 at 12:55:02 PM UTC+5:30, Rickard von Essen >> wrote: >>> >>> Google "Host key verification failed" >>> >>> On Mon, Jan 7, 2019 at 8:20 AM Tekchand Dagar <[email protected]> >>> wrote: >>> >>>> Hello Rickard, >>>> >>>> Thank you for your response and apologies for late reply from my side. >>>> >>>> Now i have made the changes in my `*.yml*` file and now i am trying to >>>> clone the git as root user rather than deploy user. Please refer the >>>> attached files for my builder and yml files. >>>> >>>> Below are the Error logs: >>>> >>>> ==> digitalocean: Provisioning with shell script: ch.sh >>>> ==> digitalocean: Provisioning with shell script: >>>> /tmp/packer-shell176262049 >>>> digitalocean: SSH_AUTH_SOCK='/tmp/ssh-lq0EZ6xnBa/agent.1617' >>>> digitalocean: SSH_CLIENT='1.2.3.4 57414 22' >>>> digitalocean: SSH_CONNECTION='1.2.3.4 57414 3.4.5.6 22' >>>> digitalocean: OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g 1 >>>> Mar 2016 >>>> digitalocean: ssh-rsa >>>> AAAAB3NzaC1yc2EAAAADAQABAAABAQDjnEEn4+sO3U9o4+Xr9KEtjrDX+i2jMPazXNPnMFoZNwFG3XPDrnl+Whb+SHjBsdfXx+iQkasASKCo1ap118g0hSFMgLVtIlFyD0GqePId4uejLrYZG79AbbEWn0kB+RitaG2S2S2OMHcUAeGtmoyIXHqvPEo9tDoSht6ReFk9UY2eGQUjy8QFz/2TIbF8IpEZz5JvGkmuGF0PqPn0GQZw6sw4VJlE5Zre52qyEMQel4mHAKXQiWhSG0wpK5IOfPuUmXXLCzJp07tYqZR/lcKsJMBm6BkqVG3JRf/cpJo0n9oB >>>> >>>> id_rsa >>>> digitalocean: debug1: Reading configuration data /etc/ssh/ssh_config >>>> digitalocean: debug1: /etc/ssh/ssh_config line 19: Applying >>>> options for * >>>> digitalocean: Pseudo-terminal will not be allocated because stdin >>>> is not a terminal. >>>> digitalocean: /root >>>> digitalocean: debug2: resolving "ab.xyz.com" port 971 >>>> digitalocean: debug2: ssh_connect_direct: needpriv 0 >>>> digitalocean: debug1: Connecting to ab.xyz.com >>>> <http://www.google.com/url?q=http%3A%2F%2Fgit.promobitech.com&sa=D&sntz=1&usg=AFQjCNHlD3uv2ONsSca8fntLkmWLIgPUqA> >>>> >>>> [5.6.7.8] port 971. >>>> digitalocean: debug1: Connection established. >>>> digitalocean: debug1: permanently_set_uid: 0/0 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_rsa type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_rsa-cert type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_dsa type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_dsa-cert type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_ecdsa type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_ecdsa-cert type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_ed25519 type -1 >>>> digitalocean: debug1: key_load_public: No such file or directory >>>> digitalocean: debug1: identity file /root/.ssh/id_ed25519-cert type >>>> -1 >>>> digitalocean: debug1: Enabling compatibility mode for protocol 2.0 >>>> digitalocean: debug1: Local version string SSH-2.0-OpenSSH_7.2p2 >>>> Ubuntu-4ubuntu2.6 >>>> digitalocean: debug1: Remote protocol version 2.0, remote software >>>> version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 >>>> digitalocean: debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 pat >>>> OpenSSH_6.6.1* compat 0x04000000 >>>> digitalocean: debug2: fd 3 setting O_NONBLOCK >>>> digitalocean: debug1: Authenticating to ab.xyz.com:971 as 'git' >>>> digitalocean: debug3: put_host_port: [ab.xyz.com]:971 >>>> digitalocean: debug3: send packet: type 20 >>>> digitalocean: debug1: SSH2_MSG_KEXINIT sent >>>> digitalocean: debug3: receive packet: type 20 >>>> digitalocean: debug1: SSH2_MSG_KEXINIT received >>>> digitalocean: debug2: local client KEXINIT proposal >>>> digitalocean: debug2: KEX algorithms: [email protected] >>>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c >>>> digitalocean: debug2: host key algorithms: >>>> [email protected],[email protected], >>>> [email protected], >>>> [email protected],[email protected] >>>> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa >>>> digitalocean: debug2: ciphers ctos: [email protected] >>>> ,aes128-ctr,aes192-ctr,aes256-ctr,[email protected], >>>> [email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc >>>> digitalocean: debug2: ciphers stoc: [email protected] >>>> ,aes128-ctr,aes192-ctr,aes256-ctr,[email protected], >>>> [email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc >>>> digitalocean: debug2: MACs ctos: [email protected], >>>> [email protected],[email protected], >>>> [email protected],[email protected], >>>> [email protected],[email protected] >>>> ,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >>>> digitalocean: debug2: MACs stoc: [email protected], >>>> [email protected],[email protected], >>>> [email protected],[email protected], >>>> [email protected],[email protected] >>>> ,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >>>> digitalocean: debug2: compression ctos: none,[email protected],zlib >>>> digitalocean: debug2: compression stoc: none,[email protected],zlib >>>> digitalocean: debug2: languages ctos: >>>> digitalocean: debug2: languages stoc: >>>> digitalocean: debug2: first_kex_follows 0 >>>> digitalocean: debug2: reserved 0 >>>> digitalocean: debug2: peer server KEXINIT proposal >>>> digitalocean: debug2: KEX algorithms: [email protected] >>>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>>> digitalocean: debug2: host key algorithms: >>>> ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 >>>> digitalocean: debug2: ciphers ctos: >>>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, >>>> [email protected],[email protected],[email protected] >>>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>>> [email protected] >>>> digitalocean: debug2: ciphers stoc: >>>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, >>>> [email protected],[email protected],[email protected] >>>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>>> [email protected] >>>> digitalocean: debug2: MACs ctos: [email protected], >>>> [email protected],[email protected],[email protected] >>>> ,[email protected],[email protected], >>>> [email protected],[email protected], >>>> [email protected],hmac-md5,hmac-sha1,[email protected], >>>> [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, >>>> [email protected],hmac-sha1-96,hmac-md5-96 >>>> digitalocean: debug2: MACs stoc: [email protected], >>>> [email protected],[email protected],[email protected] >>>> ,[email protected],[email protected], >>>> [email protected],[email protected], >>>> [email protected],hmac-md5,hmac-sha1,[email protected], >>>> [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, >>>> [email protected],hmac-sha1-96,hmac-md5-96 >>>> digitalocean: debug2: compression ctos: none,[email protected] >>>> digitalocean: debug2: compression stoc: none,[email protected] >>>> digitalocean: debug2: languages ctos: >>>> digitalocean: debug2: languages stoc: >>>> digitalocean: debug2: first_kex_follows 0 >>>> digitalocean: debug2: reserved 0 >>>> digitalocean: debug1: kex: algorithm: [email protected] >>>> digitalocean: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 >>>> digitalocean: debug1: kex: server->client cipher: >>>> [email protected] MAC: <implicit> compression: none >>>> digitalocean: debug1: kex: client->server cipher: >>>> [email protected] MAC: <implicit> compression: none >>>> digitalocean: debug3: send packet: type 30 >>>> digitalocean: debug1: expecting SSH2_MSG_KEX_ECDH_REPLY >>>> digitalocean: debug3: receive packet: type 31 >>>> digitalocean: debug1: Server host key: ecdsa-sha2-nistp256 >>>> SHA256:RurlZ68vkLDzi8UiN1CwbAqlD8Ogmxw+E4hxYZ1RU9g >>>> digitalocean: debug3: put_host_port: [4.5.6.7]:971 >>>> digitalocean: debug3: put_host_port: [ab.xyz.com]:971 >>>> digitalocean: debug1: checking without port identifier >>>> digitalocean: debug1: read_passphrase: can't open /dev/tty: No such >>>> device or address >>>> digitalocean: Host key verification failed. >>>> >>>> >>>> Above is the error please help me. >>>> >>>> On Sunday, January 6, 2019 at 2:33:44 AM UTC+5:30, Rickard von Essen >>>> wrote: >>>>> >>>>> I already explained that you can't really do it this way. You get: >>>>> >>>>> digitalocean: Could not open a connection to your authentication agent. >>>>> >>>>> Since the deploy user is not allowed to connect to the ssh agent >>>>> socket owned by the root user. To quote my self: >>>>> >>>>> "when you switch to the deploy user (become_user: deploy) that user >>>>> can't access the Unix socket forwarding the ssh-agent, only root can do >>>>> that since root is the owner of it. >>>>> >>>>> There is no way around that that and my recommendation is that you >>>>> instead let root clone the repo and then move/chown it to deploy." >>>>> >>>>> >>>>> On Fri, Jan 4, 2019, 18:06 Vincent Rubiolo <[email protected] >>>>> wrote: >>>>> >>>>>> Hi Tekchand, >>>>>> >>>>>> Thank you for your response and suggestion. >>>>>>> >>>>>> >>>>>> You're welcome, but you did not try what I had suggested (putting >>>>>> 'pwd' in your git clone command and reporting the output). Can you do >>>>>> that? >>>>>> >>>>>> >>>>>>> Yes...after adding -p 987 in my SSH command getting connection time >>>>>>> out error. I need to fix it first and you are right in my build json >>>>>>> file >>>>>>> the connection part is coming first and then clone part. So now its not >>>>>>> reaching on clone because it fail at SSH connection. >>>>>> >>>>>> >>>>>> I will let you check that with Rickard. >>>>>> >>>>>> Vincent >>>>>> >>>>>> >>>>>> On Wed, Jan 2, 2019 at 10:50 PM Tekchand Dagar <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hello Vincent, >>>>>>> >>>>>>> Thank you for your response and suggestion. >>>>>>> >>>>>>> Yes...after adding -p 987 in my SSH command getting connection time >>>>>>> out error. I need to fix it first and you are right in my build json >>>>>>> file >>>>>>> the connection part is coming first and then clone part. So now its not >>>>>>> reaching on clone because it fail at SSH connection. >>>>>>> >>>>>>> Thanks a lot for your time and support. >>>>>>> >>>>>>> On Thursday, January 3, 2019 at 11:36:48 AM UTC+5:30, Vincent >>>>>>> Rubiolo wrote: >>>>>>>> >>>>>>>> Hi again Tekchand, >>>>>>>> >>>>>>>> On Wed, Jan 2, 2019 at 9:52 PM Tekchand Dagar <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hello Vincent, >>>>>>>>> >>>>>>>>> Thank you for your prompt response. >>>>>>>>> >>>>>>>>> Please refer the attach file of ansible-playbook which us used for >>>>>>>>> clone from git. I am switching the user from root to deploy so when >>>>>>>>> it >>>>>>>>> switch the user deploy then it will go into deploy user home >>>>>>>>> directory. >>>>>>>>> >>>>>>>> >>>>>>>> There is no guarantee about the directory switch being made when >>>>>>>> changing users, this will depend on the internal implementation of the >>>>>>>> 'become' command within Ansible. As you can see at >>>>>>>> https://docs.ansible.com/ansible/latest/user_guide/become.html?highlight=become, >>>>>>>> >>>>>>>> 'become' has 'become_method' which can provide different means to do >>>>>>>> so >>>>>>>> (su, sudo, etc). >>>>>>>> >>>>>>>> For instance, with the 'su' command, it will depend on whether this >>>>>>>> is a login shell ('su' does not switch directories, 'su -' or 'su -l' >>>>>>>> does >>>>>>>> switch directories). >>>>>>>> >>>>>>>> >>>>>>>>> And user deploy have full right to create a file in his/her home >>>>>>>>> directory. I am correct? >>>>>>>>> >>>>>>>> >>>>>>>> You are right _if_ the directory is the 'deploy' user home dir. >>>>>>>> >>>>>>>> I suggest adding a simple call to 'pwd' in your shell 'git clone' >>>>>>>> command to check you are where you expect to be (another way would be >>>>>>>> to do >>>>>>>> a 'touch test_file ./' before running the 'git clone' command). Then >>>>>>>> past >>>>>>>> the output here. >>>>>>>> >>>>>>>> Note that I do not doubt you also have a connection issue (cf your >>>>>>>> unability to connect via ssh), I just think there might be 2 issues, >>>>>>>> with >>>>>>>> the 'permission denied' one masking the other (you have seen that your >>>>>>>> SSH >>>>>>>> connection fails with a timeout for instance, not a permission >>>>>>>> problem). >>>>>>>> >>>>>>>> HTH, >>>>>>>> >>>>>>>> Vincent >>>>>>>> >>>>>>> -- >>>>>>> This mailing list is governed under the HashiCorp Community >>>>>>> Guidelines - https://www.hashicorp.com/community-guidelines.html. >>>>>>> Behavior in violation of those guidelines may result in your removal >>>>>>> from >>>>>>> this mailing list. >>>>>>> >>>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>>>>> IRC: #packer-tool on Freenode >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Packer" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com >>>>>>> >>>>>>> <https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> -------- >>>>>> *Vincent Rubiolo* >>>>>> Senior Platform Engineer >>>>>> www.datameer.com >>>>>> Slack: Vincent >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Datameer, Inc. >>>>>> 577 2nd Street, Suite 200, San Francisco, CA 94107 >>>>>> >>>>>> -- >>>>>> This mailing list is governed under the HashiCorp Community >>>>>> Guidelines - https://www.hashicorp.com/community-guidelines.html. >>>>>> Behavior in violation of those guidelines may result in your removal >>>>>> from >>>>>> this mailing list. >>>>>> >>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>>>> IRC: #packer-tool on Freenode >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Packer" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/packer-tool/CADZPgZdai1dxXkfNZXscmbrh69%2B2xBBBRD-qjFqZEQaK%2BtMh3g%40mail.gmail.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/packer-tool/CADZPgZdai1dxXkfNZXscmbrh69%2B2xBBBRD-qjFqZEQaK%2BtMh3g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- >>>> This mailing list is governed under the HashiCorp Community Guidelines >>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in >>>> violation of those guidelines may result in your removal from this mailing >>>> list. >>>> >>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>> IRC: #packer-tool on Freenode >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Packer" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/packer-tool/a5f609e0-e9a4-4a4c-b003-fca3c7a2863d%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/packer-tool/a5f609e0-e9a4-4a4c-b003-fca3c7a2863d%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> This mailing list is governed under the HashiCorp Community Guidelines - >> https://www.hashicorp.com/community-guidelines.html. Behavior in >> violation of those guidelines may result in your removal from this mailing >> list. >> >> GitHub Issues: https://github.com/mitchellh/packer/issues >> IRC: #packer-tool on Freenode >> --- >> You received this message because you are subscribed to the Google Groups >> "Packer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/packer-tool/4ed9574b-9365-48f7-aa39-0a3ac5a6b0db%40googlegroups.com >> >> <https://groups.google.com/d/msgid/packer-tool/4ed9574b-9365-48f7-aa39-0a3ac5a6b0db%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/43742167-15d2-48cd-8c8c-88ee3f74e375%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
