How to run a sudo command, remotely, trough SSH, using an IdentityFile?

Question

I'm trying to trigger an executable file 'post-receive', after pushing some changes to a git repo on a remote machine. Within this file are some commands that require elevated privileges, such as:

sudo -S rm -f $HOME/.build
sudo -S rm -f $HOME/Packages

I've added a remote to my local repo:

git remote add live ssh://dev@ip/home/dev/app/.git

So I can push changes to my remote repo, like this:

git push live master

The 'post-receive' file executes, whenever I push.

However, a password is requested for sudo commands within the 'post-receive' file.

remote: [sudo] password for dev: Sorry, try again.
remote: [sudo] password for dev: 
remote: sudo: 1 incorrect password attempt
remote: [sudo] password for dev: 
  • An unexpected event, had I not configured my access trough ssh keys and specified my identity file.

Locally I have setup my SSH keys:

~/.ssh/id_rsa
~/.ssh/id_rsa.pub

Then, I've copied the local '~/.ssh/id_rsa.pub' file contents into the remote '~/.ssh/authorized_keys' file.

I've also setup a 'config' file, locally, specifying the location of my identity:

HostName ip
IdentityFile ~/.ssh/id_rsa

At this point, I'm able to ssh into the remote machine, without any passwords, like this:

ssh dev@ip

This was already expected, however, when pushing changes to my remote repo:

git push live master

...it asks me for a password when running the remote 'post-receive' file.

  • Why am I asked for this password?
  • What step am I not seeing clearly?

Running:

  • OS X El Capitan locally
  • Ubuntu 16.04.1 LTS remotely

Following the Digital Ocean Deployment Tutorial


Show source
| linux   | git   | shell   | githooks   | command-line   2017-01-01 12:01 1 Answers

Answers to How to run a sudo command, remotely, trough SSH, using an IdentityFile? ( 1 )

  1. 2017-01-01 12:01
    1. This has nothing to do with GIT or SSH. Linux distributions by default require any user running a sudo command, even if they have permissions, to enter the password. This can be overridden (see below).

    2. The step to override this :)

    Check this answer for example.

    You need to add a NOPASSWD directive in your sudoers file for the relevant user. Modified from that answer:

    dev ALL = NOPASSWD: ALL
    

    You could replace ALL with a specific command for safety.

Leave a reply to - How to run a sudo command, remotely, trough SSH, using an IdentityFile?

◀ Go back