0

I have provisioned a server with ansible and now I would like to clone a private git repo (not github).

So my local machine's ssh key is authorized on the private git repo and what I have done up till now is copy my local public and private ssh key to the server.

But I feel this is not the best way to go about it.

I know if you are using github you can use the API to create a deploy key. But I am not.

So the only other way I can see is:

  1. Generate ssh key-pair on new server
  2. Copy that newly created ssh key-pair locally with fetch
  3. ssh-copy-id or use authorized_keys to add the servers key to the private git repo

Is there something I am missing, can it be done in another easier way?

tread
  • 10,133
  • 17
  • 95
  • 170
  • "Is there something I am missing, can it be done in another easier way?" - You mean besides using ansible to automate the 3 steps you describe (ssh-keygen, copy pubkey locally, append pubkey to private git's `authorized_keys`) and run it as a playbook? – Marc Tamsky Nov 08 '15 at 08:30
  • What, exactly, do you think is wrong with those described steps? – ydaetskcoR Nov 09 '15 at 08:14

1 Answers1

1

You haven't described what your constraints are, and haven't mentioned if you're comfortable creating additional keys and managing them within your private git repo.

Another possible option:

  1. Setup ssh-agent and add your personal key to it before running ansible, and forward your agent to the remote host when you run ansible.

For that solution: SSH Agent Forwarding with Ansible for more details.

Community
  • 1
  • 1
Marc Tamsky
  • 794
  • 5
  • 9
  • Well I'm looking for a best practise, though that kind of thing is frowned upon here – tread Nov 07 '15 at 11:37
  • What's wrong with adding a `deploy` key with readonly permissions in your `private git repo`, and placing that on the remote server? – Marc Tamsky Jan 24 '17 at 19:37