post-update to ssh remote live server and pull master branch problem

I have a situation where for size limitations, I can't host the bare repository on the same server as a particular website. So I've set up a bare repository on server A which I want to push the master branch to when happy that the update is good. In the hooks/post-update it should ssh to the live server and pull the master branch.

I've generated a public ssh key on the live server, authorized it and copied the public key into /var/www/.ssh/authorized_keys file on the bare repo server. Basically done everything on this site here

But it's failing when attempting to authenticate to the live server.

The post-update looks like this :

ssh liveuser@liveserver.com

cd cd/path/to/site/.git || exit
git pull bare master
exit

I get this message

$ git push server master
userForBare@www.ServerAAddress.com's password:
Counting objects: 5, done.
Delta compression using up to 3 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 279 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
remote:
remote: *** Pulling changes into Live [Live's post-update hook] ***
remote:
remote: Permission denied, please try again.
remote: Permission denied, please try again.
remote: Permission denied (publickey,gssapi-with-mic,password).
remote: fatal: The remote end hung up unexpectedly
To ssh://userForBare@www.ServerAAddress.com/var/git/websiteToUpdate.git
   b251909..883d129  master -> master


You seem to run git pull on live, which means the live will ssh back into www.ServerAAddress.com. So there are 2 sshs that need to use passphrase-less public key for authentication and one of them is not correctly authorized:

  1. ssh from "A" ("bare") to "live" needs private key (.ssh/id*) stored on "A" and public key (in .ssh/authorized_keys) on "live".
  2. ssh from "live" back to "A" (inside the git pull) needs private key stored on "live" and public key on "A". The keys should be different.

The locations on the servers are probably different. The files on "A" need to be in userForBare's home, while files on "live" need to be in home of www user.

Look in the logs (ssh usually logs into /var/log/auth or /var/log/security) and check that it's actually finding the public keys it's supposed to and that it's willing to read it:

  • Many setups will not have /var/www as $HOME of the www user, so you may need to place the .ssh/authorized_keys elsewhere.
  • ssh refuses to read anything in $HOME/.ssh/ if the file or any directory up to root is writable by anybody except that user or root, so if e.g. /var/www is group-writable, ssh will reject /var/www/.ssh/authorized_keys as possibly compromised.
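
An added example, not part of the original answer: a shell function that approximates the ownership and write-permission check described in the last bullet, walking from the key file up to a stop directory. The function name, the stop-directory argument (assumed to be the account's home; pass / to check all the way to root) and the sample invocation in the final comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: approximate the ownership / write-permission check on an
# authorized_keys path. Not OpenSSH's own code.
# Usage: check_ssh_path FILE [STOP_DIR] [UID]
#   STOP_DIR  last directory to check (assumed: the account's home)
#   UID       numeric uid that must own each component (default: current user)
check_ssh_path() {
    path=$1
    stop=${2:-$HOME}
    want_uid=${3:-$(id -u)}
    bad=0
    case $path in /*) ;; *) path=$PWD/$path ;; esac   # path itself is not canonicalised

    while :; do
        if [ ! -e "$path" ]; then
            echo "MISSING        $path"
            bad=1
        else
            # ls -ldLn prints e.g. "drwxr-xr-x 2 1000 1000 ..." (numeric owner)
            read -r mode links owner rest <<EOF
$(ls -ldLn "$path")
EOF
            case $owner in
                0|"$want_uid") ;;                      # root or the account itself
                *) echo "BAD-OWNER $owner $path"; bad=1 ;;
            esac
            case $mode in
                ?????w*)    echo "GROUP-WRITABLE $mode $path"; bad=1 ;;
            esac
            case $mode in
                ????????w*) echo "WORLD-WRITABLE $mode $path"; bad=1 ;;
            esac
        fi
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    return "$bad"
}

# Sample invocation for the path from the question (the "www" account name
# is an assumption; use whatever user the hook runs as):
#   check_ssh_path /var/www/.ssh/authorized_keys /var/www "$(id -u www)"
```

A non-zero return means at least one component was reported; fix it with chmod or chown and compare against what the ssh log says about the rejected key file.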