Hello,
Some context:
- I have a Lambda which makes use of Systems Manager to call a command on the EC2 instance to run a script.
- The code which calls Systems Manager:
import boto3

def run_commands(instance_id):
    ssm = boto3.client('ssm', region_name='eu-west-1')
    commands = [
        "sh /home/ubuntu/eventor-crawler/runEventCrawler.sh"
    ]
    # AWS-RunShellScript runs the listed commands on the target instance
    response = ssm.send_command(
        InstanceIds=[instance_id],
        DocumentName="AWS-RunShellScript",
        Parameters={'commands': commands},
        TimeoutSeconds=3600
    )
The runEventCrawler.sh script runs commands to checkout the main branch of my repo and pull the changes like so:
#!/bin/bash
CRAWLER_DIR="/home/ubuntu/eventor-crawler"
HOME="/home/ubuntu"
SSH_KEY="/home/ubuntu/.ssh/id_rsa"
export HOME
chmod 600 "$SSH_KEY"
ssh-keyscan -H github.com >> /home/ubuntu/.ssh/known_hosts
git config --global --add safe.directory "$CRAWLER_DIR"
cd "$CRAWLER_DIR"
git remote -v >> "$LOG_FILE" 2>&1
ssh -vT git@github.com >> "$LOG_FILE" 2>&1
I can't find any related issues and I've fallen on many dead ends so any input is valued.
cd "$CRAWLER_DIR"
git checkout main
if [ $? -ne 0 ]; then
echo "Failed to checkout main branch" >> "$LOG_FILE"
exit 1
fi
git pull origin main
if [ $? -ne 0 ]; then
echo "Failed to pull latest changes from main" >> "$LOG_FILE"
exit 1
fi
echo "Checked out main and pulled latest changes"
When I run this script on the EC2 instance it runs just fine. However, when I run it from the Lambda which calls Systems Manager, I get the error:
Identity added: /home/ubuntu/.ssh/id_rsa (ubuntu@ip-172-31-3-219)
Already on 'main'
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
failed to run commands: exit status 1
Debug error log:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [4.208.26.197] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13
debug1: Remote protocol version 2.0, remote software version babeld-33961236
debug1: compat_banner: no match: babeld-33961236
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: <key>
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /root/.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /root/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
debug1: read_passphrase: can't open /dev/tty: No such device or address
Okay, so it seems the issue is that the command is being run as the root user. However, I want to run it as an ubuntu user. I can't find much documentation around how to do this.
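One way to run the script as the `ubuntu` account through Run Command, and to confirm from an `ssh -v` log which home directory ssh actually used. This is an added example, not code from the original post; the function names `build_run_as_commands` and `ssh_homes_in_debug_log`, the account-name pattern, and the use of `runuser -l` are assumptions of the example.

```python
import re
import shlex

# Conservative account-name pattern (an assumption of this example).
_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
_IDENTITY_RE = re.compile(r"debug1: identity file (/.+)/\.ssh/\S+ type")


def build_run_as_commands(script_path, user="ubuntu"):
    """Build the 'commands' list for AWS-RunShellScript so the script runs as `user`.

    The debug log in the post shows ssh reading /root/.ssh, i.e. running as root.
    `runuser -l` starts a login shell for the target account, which sets HOME and
    USER to that account's values, so ssh reads that account's ~/.ssh/known_hosts.
    """
    if not _USER_RE.fullmatch(user):
        raise ValueError(f"unexpected user name: {user!r}")
    if not script_path.startswith("/"):
        raise ValueError("script_path must be an absolute path")
    inner = "bash " + shlex.quote(script_path)
    return [f"runuser -l {user} -c {shlex.quote(inner)}"]


def ssh_homes_in_debug_log(text):
    """Return the home directories `ssh -v` probed for identity files."""
    homes = set()
    for line in text.splitlines():
        match = _IDENTITY_RE.search(line.replace("^M", "").strip())
        if match:
            homes.add(match.group(1))
    return homes


def run_commands(instance_id, script_path, user="ubuntu", region="eu-west-1"):
    """Send the wrapped command via Systems Manager (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the helpers above work without AWS access

    ssm = boto3.client("ssm", region_name=region)
    response = ssm.send_command(
        InstanceIds=[instance_id],
        DocumentName="AWS-RunShellScript",
        Parameters={"commands": build_run_as_commands(script_path, user)},
        TimeoutSeconds=3600,
    )
    return response["Command"]["CommandId"]
```

After the change, `ssh_homes_in_debug_log` run over the new `ssh -vT` output should report `/home/ubuntu` rather than `/root`, which is the directory the script's `ssh-keyscan` line writes `known_hosts` into.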