> The error is a git error where it can't verify the cert for your source
> repo.
Good guess, but he's not using an HTTPS remote, but an SSH remote:
> git clone git@xxxxxxxxxx:Neilpang/le.git
Cloning into 'le'...
Host key verification failed.
Host key verification failed indicates that it couldn't validate the host
key of the remote github ssh server. First I'll tell you how to fix the
problem and then tell you why it probably isn't going to help.
So how to fix? Well, if you had been running the git clone from SSH you
would have seen something like:
Initialized empty Git repository in /var/git/secret-project.debuggable.com/.git/
The authenticity of host 'github.com (65.74.177.129)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)?
You type yes to validate the host key and everything is hunky-dory.
HOWEVER, based on the output of the I can only assume it was run in
QSH/QP2TERM (the '>' prompt and indented output are a giveaway). In this
case, the spawned ssh process that git is using to read the remote
repository has no way to ask for the response, because QSH/QP2TERM do not
provide access to a TTY. You run in to the same issue when attempting to
use password authentication with scp/sftp in these environments because
they have no way to read the password from the user.
So, to solve this you need to add the remote server's key fingerprint to
~/.ssh/known_hosts. You can do this by manually running ssh to the host
(eg. ssh git@xxxxxxxxxx) and answering "yes" to trust it or you can
blindly trust it and just run the command ssh-keyscan github.com >>
~/.ssh/known_hosts
Normally for cloning someone else's repo you would use the HTTPS url
instead. I did not realize that GitHub allowed public SSH git clones
(maybe it's new), but certainly if you do not have a GitHub account set up
with SSH keys the clone is going to fail with:
-bash-4.3$ git clone git@xxxxxxxxxx:Neilpang/le.git
Cloning into 'le'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Instead, you should use the HTTPS url:
https://github.com/Neilpang/le.git
(now actually
https://github.com/Neilpang/acme.sh.git)
Now, then you can either use Jack's suggestion to disable SSL CA
validation *or* you can add the GitHub SSL CA to your OpenSSL certificate
store. I wrote a script to do that easily:
https://gist.github.com/kadler/547bb36ddadb9bfec3ff9c16a164a148#gistcomment-2389108
>
> And set your user shells in PASE to /QOpenSys/pkgs/bin/bash
>
> Your ~/.profile:
>
> # Optional test if needed to detect if we're in a PASE shell
> # /QSYS.LIB/QSHELL.LIB/UNAME.PGM > /dev/null 2>&1
> # if [ $? != 0 -a "$SHELL" != "/QOpenSys/pkgs/bin/bash" ]
> # then
> # exec /QOpenSys/pkgs/bin/bash
> # fi
> if [ -n "$BASH_VERSION" ]; then
> # include .bashrc if it exists
> if [ -f "$HOME/.bashrc" ]; then
> . "$HOME/.bashrc"
> fi
> fi
Much better to use the support for setting your SSH shell:
[1]
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/QSYS2.SET_PASE_SHELL_INFO%20Procedure
Also, don't do the above if you're using QP2TERM and using Bash 4.4 from
yum. The newer GNU readline does not play nicely in a 5250 and it only
reads part of the command you run and if you hit enter again, it gets the
rest:
> pwd
p
>
wd
/home/kadler
bash-4.4$
bash-4.4$
> Toto, I have a feeling we're not in Kansas anymore :)
Certainly not!
References
Visible links
1.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/QSYS2.SET_PASE_SHELL_INFO%20Procedure
midrange.com
