ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory Permission denied, please try again
Asked Answered
Z

4

7

I want to run pipline on Bitbucket. I made all the necessary settings. I installed ssh_askpass. I am using Ubuntu 18.

However, I am getting the error below.

ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied, please try again.

My bitbucket-pipelines.yml file:

pipelines:
  default:
    - step:
        deployment: staging
        caches:
          - composer
        script:
          - ssh -T [email protected]
          - eval `ssh-agent -s` && ssh-add ~/.ssh/id_rsa && ssh-add -l
          - cd /var/www/backoffice/
          - git checkout master 
          - git pull origin master 
          - sudo php artisan optimize 
          - sudo composer dump-autoload
          - echo 'Deploy finished....'
Zepeda answered 24/8, 2020 at 17:6 Comment(1)
What are you trying to accomplish? IIRC, ssh-askpass is aimed toward GUI users so they can enter their passphrase in a more friendly way. I'm not sure it makes sense for what you're doing. If anything, it seems like you should be using ssh's authorized_keys file to help with deployment. Even better would be to have some sort of webhook listener that could be tipped off and do the deployment, but you might not get all the feedback you want.Pyramidon
P
3

You aren't going to be able to use any sort of GUI program like ssh-askpass on a CI system because on Linux CI systems there is no GUI available.

If you want to use an SSH key in a CI system, you should use one that does not have a password set and store it in your CI system's secret store, then copy it to a file and use it. OpenSSH intentionally does not provide a way to programmatically read a password.

Note that if you have only one SSH key without a password, you don't need ssh-agent or ssh-add at all. Assuming the contents of your private key are in the variable SSH_KEY (e.g., due to your CI system's secret store), you can simply do this:

echo "$SSH_KEY" > ~/.ssh/id_rsa
ssh [email protected] 'echo hello from the remote machine`

You won't want to run ssh without a command since that will try to start an interactive session, which won't be useful to you. If your goal is to use Git to push and pull over an SSH connection, then you don't need to run ssh at all.

Finally, note that you will probably want to write the remote system's host key information into a file as part of your pipeline, either from your pipeline or a secret, because SSH won't connect if the host key isn't trusted. You can obtain this information by running a command like this: ssh-keyscan github.com 2>/dev/null. You can then take that output and insert it into your known_hosts file like this:

echo "github.com ssh-rsa AAAA...truncated" > ~/.ssh/known_hosts

This is far more secure than turning off strict host key checking.

Pegeen answered 25/8, 2020 at 0:47 Comment(2)
Thank you for answer. I dont know why using the "ssh_askpass". I am using Bitbucket. I want to make a Pull-Request after the push is done. I'm still getting the error. I could not find a serious answer on the internet.Zepeda
That's a totally separate question, so please ask it in a new question. There isn't possibly space for me to answer it in the comments.Pegeen
M
1

When you configure pipeline deployments through Bitbucket you need to make sure you've updated Bitbucket with the fingerprint of each server. I recently discovered if you fail to do that you get ssh_askpass error, which is a little misleading.

To add the server fingerprint, go to "Repository Settings", then scroll down to the "Pipeline" section on the left and click "SSH Keys".

On the SSH Keys page, scroll to the bottom and you'll see a section titled "Known hosts".

Enter the IP address for the server and click the "Fetch" button to have Bitbucket fetch the fingerprint. Wait a second and it will populate the finterprint in the textbox just to the right of the host address. Once that's done click the button to add the host to the Known Hosts list.

You also need to setup the SSH keys but based on the error you're seeing, I'm betting you already did that part.

Marianelamariani answered 10/4, 2022 at 22:59 Comment(0)
S
0

I experienced a similar error using VS Code communicating with a git repository on a local build of Azure DevOps Server. I fixed the problem by

  1. Replacing the ssh url with a http url in the .git/config file.
#unedited
[remote "origin"]
    url = ssh://X.X.X.X:22/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*
|update
|this
V
#edited
[remote "origin"]
    url = http://X.X.X.X/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*
  1. Performing a $ git fetch. Entered username and password here.

  2. Then changing the .git/config file back to the ssh url.

#edited for resetting known_host key file.
[remote "origin"]
    url = http://X.X.X.X/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*
|update
|this
V
#final form
[remote "origin"]
    url = ssh://X.X.X.X:22/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*
  1. Perform another $ git fetch - This results in updating the .ssh/known_host key file.
The authenticity of host 'X.X.X.X (X.X.X.X)' can't be established.
RSA key fingerprint is SHA256:noisehash.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'X.X.X.X' (RSA) to the list of known hosts.

I hope this helps.

Semitone answered 12/9, 2022 at 17:15 Comment(0)
R
0

Frigging bitbucket pipelines!

I was running into this very same issue as I was adding some verification code that would check whether a remote repository had an appropriate tag present (the two repos have dependencies and the tags are used to track that). I had all the SSH keys configured and whatnot, but the environment kept triggering the ssh_askpass code. I was pulling my hair out!

Turns out, the default bitbucket pipeline environment sets DISPLAY=:99!

ssh will attempt to execute ssh_askpass if either the SSH_ASKPASS environment variable is set, or there is no terminal present and the DISPLAY environment variable is set! ARGH!

Why on earth would the pipeline environment set the DISPLAY variable?!

Simple enough fix, just unset DISPLAY before calling your ssh or git with ssh repo URL's!

Ruche answered 30/8 at 2:30 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.