I can clone a project as follows:
$ git clone git@mysite.com:root/myproject.git ~/bla
But now I wish to clone it to /var/www
. So I try
$ git clone git@mysite.com:root/myproject.git ~/var/www
But alas, I do not have permission to write to /var/www
. Sudo to the rescue!
$ sudo git clone git@mysite.com:root/myproject.git ~/var/www
Cloning into 'www'...
git@mysite.com's password:
What's this? I am being asked for a password? We shouldn't need no stinking passwords!
I am obviously sending the root user's ssh keys with the request, and as they have not been imported to the git repository, I am being denied. In the past, my solution has been to temporarily change permissions of the folder or first clone it somewhere I have access and then move it using sudo, but would like to learn the right way to do so.
So… How do I use git with my normal user's ssh keys but sudo file permissions?
Best Answer
If you have a
ssh
agent running, do:That basically tells the
git
command started byroot
(or thessh
command started by thatgit
command) to use yourssh
agent (how to connect to it, whichroot
should be able to as it has every right).If you don't have a ssh agent running, you can start one beforehand with:
(and add keys to it as needed with
ssh-add
).Alternatively, you can use
To pass every environment variable across
sudo
, not just$SSH_AUTH_SOCK
.I would not got with @NgOon-Ee's suggestion in comment to add
$SSH_AUTH_SOCK
to theenv_keep
list. In general, you don't want to polluteroot
's environment, as that's the user you start services as. For instancesudo sshd
to start asshd
service would mean allssh
sessions started through that service would inherit your$SSH_AUTH_SOCK
, polluting users environment with something they can't and shouldn't use. Even for other target users thanroot
, passing that variable across would not make sense as the target user couldn't make use of that authentication agent.Now, that only addresses key authentication. If you also wanted
root
to inherit your settings in your~/.ssh/config
, you could not do that withssh
environment variables, but you could do that withgit
environment variables. For instance, defining asugit
function as:That is, tell
git
to use assh
command that uses your ssh config file and agent and username instead of root's.Or maybe even better, tell
git
to runssh
as the original user: