Comments (7)
If you have to use ssh (you can't use https with Bitbucket?) – then yes, you should just be able to add the Bitbucket hosts to the known_hosts file. You won't need the github.com addresses in there (unless you want to keep them) – but all the other commands would be the same
from git-lambda-layer.
I was able to add the Bitbucket hosts to the known_hosts file, however, I still can't connect (using SSH). I replaced the private key with my own private key. and I'm getting this error:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights`
I have added the ssh key to bitbucket and I can't connect to ssh [email protected] using the ssh private key that I deploy to this layer.
Just in case you have an idea, here's the complete verbose ssh output:
I'll continue to investigate and will report back.
`OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: ssh_connect: needpriv 0
debug1: Connecting to bitbucket.org [18.205.93.0] port 22.
debug1: Connection established.
debug1: SELinux support disabled
Could not create directory '/home/sbx_user1092/.ssh'.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/tmp/id_rsa" as a RSA1 public key
debug1: identity file /tmp/id_rsa type 1
debug1: identity file /tmp/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version conker_1.1.31-8625750 app-128
debug1: no match: conker_1.1.31-8625750 app-128
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "bitbucket.org" from file "/tmp/known_hosts"
debug3: load_hostkeys: found key type RSA in file /tmp/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128
debug2: kex_parse_kexinit: [email protected],hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: kex_parse_kexinit: [email protected],hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: kex: [email protected] need=32 dh_need=32
debug1: kex: [email protected] need=32 dh_need=32
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
debug3: load_hostkeys: loading entries for host "bitbucket.org" from file "/tmp/known_hosts"
debug3: load_hostkeys: found key type RSA in file /tmp/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "18.205.93.0" from file "/tmp/known_hosts"
debug3: load_hostkeys: found key type RSA in file /tmp/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /tmp/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /tmp/id_rsa (0x55b6f8cf4a50), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /tmp/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp b7:15:20:ec:1c:aa:cb:d5:f1:42:0c:0e:b2:e3:8d:30
debug3: sign_and_send_pubkey: RSA b7:15:20:ec:1c:aa:cb:d5:f1:42:0c:0e:b2:e3:8d:30
debug1: key_parse_private2: no end marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: No such file or directory
debug2: no passphrase given, try next key
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
from git-lambda-layer.
There's something wrong with the key by the looks of it, this line is the error:
Could not load "/tmp/id_rsa" as a RSA1 public key
(You can ignore the Could not create directory '/home/sbx_user1092/.ssh'.
warning)
from git-lambda-layer.
I suspect you haven't got the key formatted correctly. Instead of manipulating strings, you could try uploading the key with your lambda function (ie, in your zip file) – and then copy it to /tmp and change the permissions in your function. ie:
cp /var/task/id_rsa /tmp/id_rsa
chmod 400 /tmp/id_rsa
from git-lambda-layer.
(that's not necessarily a good long-term solution – it would be better to have your key in SSM or Secrets Manager – but just to debug the problem it might be useful)
from git-lambda-layer.
So I was getting the key from SSM and it was causing the issue. When I pasted it directly it worked. We can consider it closed! Thanks a bunch.
from git-lambda-layer.
Might be something to do with newlines in the string coming from SSM – can be tricky to upload multiline strings
from git-lambda-layer.
Related Issues (20)
- Nodejs12 doesn't seem to be working with layer v3? HOT 2
- Lambda nodejs12.x - Permission denied (Public Key) HOT 2
- Could you add the build process? HOT 3
- File too short on shared library libpcre2-8.so.0 HOT 6
- Add support for git lfs HOT 4
- Cannot load PCRE HOT 6
- AccessDeniedException on Gov Cloud? HOT 4
- Python import git module error for AWS Lambda HOT 1
- Lambda -> Git SSH Authentication HOT 13
- Could not deploy because lambda with layer exceeded 250 mb... HOT 3
- How to use "git push" ? HOT 7
- Support for GIT v2.30.2 because of Security Vulnerability HOT 3
- [Question] Uploading my own zip file HOT 5
- Support for using layer.zip with AWS Lambda containers HOT 7
- Support for using aws cli executable
- clone with ssh protocol hit issues
- Support for arm64 lambdas HOT 3
- How can I create my own layer? HOT 4
- using layer with python in Lambda function HOT 2
- Update to latest versions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from git-lambda-layer.