ansible
Cannot sync any GitHub or GitLab repo using SSH
Please confirm the following
- [X] I agree to follow this project's code of conduct.
- [X] I have checked the current issues for duplicates.
- [X] I understand that AWX is open source software provided for free and that I might not receive a timely response.
- [X] I am NOT reporting a (potential) security vulnerability. (These should be emailed to
[email protected]instead.)
Bug Summary
Hello, I have a clean AWX installation and have Im unable to sync any (private/public) repo from Github using SSH keys. Here the steps I did:
- Created an SSH key with ssh-keygen -t ed25519
- Uploaded the public key to Github
- Created credentials in AWX, type Source control, no username and password, uploaded the private SSH key
- Created a project to sync public repo using [email protected]:ansible/ansible.git and my created credentials. On project sync it always fails with: `Identity added: /tmp/awx_60_ln4iooqu/artifacts/60/ssh_key_data ([email protected])
PLAY [Update source tree if necessary] *****************************************
TASK [Delete project directory before update] ********************************** ok: [localhost]
TASK [Update project using git] ************************************************ fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote [email protected]:ansible/ansible.git -h refs/heads/HEAD", "msg": "[email protected]: Permission denied (publickey,password).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "[email protected]: Permission denied (publickey,password).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["[email protected]: Permission denied (publickey,password).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
`
I have no clue why.
When I do git clone from my underlying Linux and the same key, all works fine.
AWX version
23.5.1
Select the relevant components
- [X] UI
- [ ] UI (tech preview)
- [ ] API
- [ ] Docs
- [ ] Collection
- [ ] CLI
- [ ] Other
Installation method
kubernetes
Modifications
no
Ansible version
core 2.15.8
Operating system
Ubuntu
Web browser
No response
Steps to reproduce
- Created an SSH key with ssh-keygen -t ed25519
- Uploaded the public key to Github
- Created credentials in AWX, type Source control, no username and password, uploaded the private SSH key
- Created a project to sync public repo using [email protected]:ansible/ansible.git and my created credentials.
Expected results
Repo is being synced
Actual results
Repo is not synced and the connection fails with Permissions denied.
Additional information
No response
Tested also with GitLab, completely the same error message. From Linux again working fine.
I seem to have the same issue. But every once in a while, a random retry succeeds.
Hi @Gibonnn
I'm a little confused by your request and what you are trying to achieve.
Firstly, you cannot authenticate against repository with ssh unless you own the repository. Otherwise, you must use the https protocol.
So unless you are a member of ansible/ansible.git it won't work for you.
Apologies if I have misunderstood your request.
[awx@localhost-live src]$ git clone [email protected]:ansible/ansible.git
Cloning into 'ansible'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Hi Dave, sorry if my description or image was wrong. Let me start again. I have a repo on Github that I own - [email protected]:Gibonnn/ansible.git I have added my public key to my Github account and my private key to the Credentials in AWX. When I try to sync the procect, I get following output:
Identity added: /tmp/awx_99_cxecevxe/artifacts/99/ssh_key_data (admin@awx) PLAY [Update source tree if necessary] ***************************************** TASK [Delete project directory before update] ********************************** ok: [localhost] TASK [Update project using git] ************************************************ fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote [email protected]:Gibonnn/ansible.git -h refs/heads/HEAD", "msg": "[email protected]: Permission denied (publickey,password).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "[email protected]: Permission denied (publickey,password).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["[email protected]: Permission denied (publickey,password).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []} PLAY RECAP ********************************************************************* localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Note tha line 1 which says identity added. But also note the error message - Permission denied (publickey,password). It says publickey,password. It seems to me like AWX is not trying to push the private key to Github.
When I do the same from the Linux, works fine. I have no clue what might be wrong. Thanks
@Gibonnn Thanks for the follow-up.
Since you have 2 issues open around connectivity issues in relation to this "setup" and it "works as expected in Linux", it seems to me we're dealing with an environmental issue on this setup you are referencing.
GitHub has a help topic around this, which seems mundane, but only through a process of elimination are we going to be able to resolve this. https://docs.github.com/en/authentication/troubleshooting-ssh/error-permission-denied-publickey
Using these instructions, can you follow the steps to debug on the host, and if using containers or other virtualized method, in that environment also.