Script a Git Push Via SSH | How to

Git Push Via SSH | Howto Script

Using SSH you want to script a git clone, a git commit and a git push.

There are 3 steps to script changing a git repository via the ssh protocol. We create a SSH key pair, configure the backend git server (adding the public key), and then configure the front end git client (adding the private key).

Steps | Setup SSH for Scripts to Git Commit

The 3 steps required to script a git push via SSH are

  1. Create a SSH Key Pair – Public and Private Key
  2. Configure Backend Git Server | GitLab
  3. Configure Frontend Git Push Script via SSH


Step 1 | Create a SSH Key Pair

Run the ssh key generator command on any Linux (Ubuntu) command line.

  • ssh-keygen -t rsa -C "DevOps Script Git Repo Key"
  • press enter 3 times (accept defaults)
  • echo the public key cat .ssh/
  • copy and paste it in the GitLab step below.

Do not set a passphrase. It evokes a prompt and will prevent your script running hands free.


Step 2 | Configure Backend Git Server | GitLab

This article uses GitLab as the backend git server. Even if you use GitHub, BitBucket or a plain old git repository, the key pair and front end script steps do not change. At a high level we do 3 things.

  1. create a GitLab script user called DevOps Script
  2. link the user to a git repository project
  3. add a SSH public key to bind the project and user

The front end SSH configuration authenticates and proves to the backend git server that the user is authorised to change the repository. The steps within gitlab are

  • login to GitLab with username root
  • click on Users then on New User
  • enter name DevOps Script and username devops-script
  • enter an unused email address
  • Uncheck Can Create Groups and untick External
  • click on Create User
  • click on Impersonate then Browse Projects then All
  • click on the project that script commit access is required
  • click on Add an SSH Key
  • copy paste the public key from ~/.ssh/
  • click on Add Key

We must make the Script User a Member of the project(s) with Developer status so that it can check in software.

  • login to GitLab with username root
  • on the top right we Go to the Admin Area
  • we select Projects and find our Project
  • we click to Edit the project
  • click on Members (next to General)
  • click Select Members to Invite
  • choose the Developer role permission
  • the click Add to Project

That’s the GitLab steps done. You’ve got a script user – that user has an SSH public key stored against the project(s) you want them to push to. And the project in turn lists the script user as a Member.

The Git server side is done and we are ready to configure the Git (client side) workspace.


Step 3 | Configure Frontend Git Push Script via SSH

The goal here is to script a git push that uses the SSH private key – not passwords.

Like old ladies on a bus, both SSH and Git love to prompt and ask us questions. To avoid these prompts we need to

  1. switch off strict host checking if connecting locally
  2. map SSH IdentityFile to our privae key pem file
  3. create an entry in ~/.ssh/known_hoss
  4. configure the git and

Add this file | ~/.ssh/config

Put this file into ~/.ssh/config

    Host gitlab.server
    StrictHostKeyChecking no
    IdentityFile /home/squirrel/gitlab.laundry4j.private.key.pem

This file tells SSH where the private key file is. It also prevents the SSH “dubious hostname” warning – if you don’t need then set StrictHostKeyChecking to yes.

Git SSH | Configuration Assumptions

The assumptions before configuring the git frontend workspace for the SSH script are that

  1. the user is squirrel in /home/squirrel
  2. the private key is in /home/squirrel/gitlab.laundry4j.private.key.pem
  3. the private key chmod permissions are 400 or 600
  4. the git host user@ip address is git@
  5. the SSH Host is labelled as gitlab.server
  6. git is installed with sudo apt-get install -y git

The Git SSH Push Script

We will edit file vcs.assets/git-ssh-trial.txt then add, commit and push it up to the git server using the below script.


# --- ---------------------------------------------------------- --- #
# --- Prevent "authenticity of host cant be established" prompt. --- #
# --- ---------------------------------------------------------- --- #
ssh-keyscan $GIT_HOST_IP >> .ssh/known_hosts

# --- -------------------------------------------------- --- #
# --- Test SSH and privae key file against user@hostname --- #
# --- -------------------------------------------------- --- #
ssh -i /home/squirrel/gitlab.laundry4j.private.key.pem -vT "git@$GIT_HOST_IP"

# --- --------------------------------------------- --- #
# --- Clone and configure the local git repository. --- #
# --- --------------------------------------------- --- #
git clone "ssh://git@gitlab.server:/commons/" vcs.assets
cd vcs.assets
git config --local "DevOps Script"
git config --local ""
git config --local core.autocrlf input
git config -l

# --- ------------------------------------------------------------- --- #
# --- Refresh then smoke test a [git commit] and [git push] via ssh --- #
# --- ------------------------------------------------------------- --- #
git pull origin master
echo "hello git ssh world ($the_user@$HOSTNAME on $time_now)." >> git-ssh-trial.txt
git status
git add git-ssh-trial.txt
git commit -m "scripted ssh git push on $time_now"
git push -u origin master

The command ssh -i /home/squirrel/gitlab.laundry4j.private.key.pem -vT "git@$GIT_HOST_IP" is great for grabbing debug logs if you are having problems connecting. It doesn’t involve git – it just checks that you can SSH to the server in question.

The command ssh-keyscan $GIT_HOST_IP >> .ssh/known_hosts creates an entry into .ssh/known_hosts and prevents the SSH prompt.

The command git clone "ssh://git@gitlab.server:/commons/" vcs.assets is where the rubber hits the road. It connects to git and creates a new git workspace folder at vcs.assets

After the script runs – check that the script has pushed the file up to git – hands free. If so, your git push via SSH script is done. Lights out and away you go.

Summary | Git Clone, Configure, Create or Change, Commit and Push via SSH Script

We assume the private key is in the home directory in a file named gitlab.laundry4j.private.key.pem. For Linux the file permisions must be 400 or 600 which is why we start with a chmod command.

Appendix A | Core Git SSH Commands

Note that we could have (but did not) use the git remote command » git remote add origin ssh://git@localhost:/commons/

The key (meat in the sandwich) GIT commands for working with the SSH protocol are

git config core.sshCommand 'ssh -i /path/to/key_file'

and either

git remote add origin ssh://git@localhost:/commons/


git clone ssh://git@localhost:/commons/ <<- workspace folder name ->>

Appending B | Troubleshoot FAQ

1. Remote origin already exists

fatal: remote origin already exists.

you can go to the workspace .git/config file and remove the below section.

[remote “origin”]
url = http://localhost/commons/
fetch = +refs/heads/*:refs/remotes/origin/*

2. The authenticity of host can’t be established

This is because the reverse lookups have failed on the hostname. This is a problem if running in a script. If manual – simply say “yes” you want to carry on connecting.

3. GitLab: You are not allowed to push code to this project

You need to go to GitLab and make sure that the External checkbox in the user profile is not ticked.

Leave a Reply

Your email address will not be published. Required fields are marked *