3

I'm trying to build a private apt repository using reprepro. I managed to get password-less SSH login after creating a SSH key chain. I can successful login to the repository if I SSH into it.

On the client machine I added the repository in the apt sources list like: 

deb ssh://repo@192.168.60.128:/home/repo/repos/apt/ubuntu xenial main

But when I try to use apt-get update, I still need to enter the password otherwise it won't proceed. It only shows:

100% [Connecting to repo@192.168.60.128]

Is there a way that apt can use my key get access to the repository without entering a password?

amc
  • 7,142
Guy Liqui Lung
  • 41

2 Answers2

1

I solved this problem by creating a ssh key as root on the client machine. After that i needed to add this public key to the authorized_keys on the ubuntu server machine. Now I can make use of the apt repository using ssh with the keys without entering a password.

Guy Liqui Lung
  • 41
0

You need to add the command to /etc/sudoers. Have a look at this How do I run specific sudo commands without a password?

Another option is to ssh passwordless with the root user but, it's generally considered a very bad idea. How to setup passwordless SSH access for root user

In your repo, become root with sudo su and then run this command:

echo "%sudo ALL=NOPASSWD: /usr/bin/apt-get" >> /etc/sudoers

This will allow any user to run apt-get without password. This command is used to upgrade, but it can also be used to install/uninstall packages... be careful. I think it would be better to use the password or enable automatic updates in the server.

Community
  • 1
Katu
  • 3,593
  • 26
  • 42
  • Thanks for your answer, unfortunately I still can't update without entering the password of the ssh repo. I tried this:

    sudo visudo guy guy-rcs=(root)NOPASSWD:/usr/bin/apt-get update,/usr/bin/apt-get upgrade

     – Guy Liqui Lung Oct 06 '16 at 09:23
  • Undo your changes and check my edit and see if it helps. You don't need to specify update and upgrade at the end, the apt-get command will run passwordless with any argument. – Katu Oct 06 '16 at 09:32
  • Tried your new command on the client side and on the server side. I can't run apt-get without sudo. I hope you can help me. – Guy Liqui Lung Oct 06 '16 at 09:46
  • You should be able to run apt-get with sudo but without a password. It worked for me. Check all the steps carefully and I hope you can solve it. – Katu Oct 06 '16 at 10:12
  • Tried it out this is when I try to apt-get update after your instructions 'guy@guy-rcs:~$ apt-get update E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied) E: Unable to lock directory /var/lib/apt/lists/ E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied) E: Unable to lock the administration directory (/var/lib/dpkg/), are you root? ' – Guy Liqui Lung Oct 07 '16 at 07:19
  • you have to put guy@guy-rcs:~$ sudo apt-get update and if you've done the rest, it won't ask for a password. – Katu Oct 07 '16 at 09:55