Suppose we have a deploy.php script at /var/www/html/deploy.php that is called by a webhook from a service such as GitHub or Bitbucket, and that it needs to pull from the repository over SSH.
We need to configure our web-server user, in this case www-data, whose default home directory is /var/www. Its ~/.ssh is therefore /var/www/.ssh, which sits outside the document root /var/www/html; keep it that way, because the private key we are about to create must never be reachable through the web server.
Create .ssh directory and set permissions
mkdir /var/www/.ssh
chmod 0700 /var/www/.ssh
chown -R www-data:www-data /var/www/.ssh
Create the SSH key pair and restrict the permissions on the key files. The 0700 mode set above lets the web-server user write the known_hosts file that ssh will create in the same directory. You cannot open a login session as www-data because the account has no shell, but you can run individual commands as that user with sudo -u www-data. Because the deploy script runs unattended, the key will have no passphrase (press Enter at the passphrase prompt), so treat the private key as a plaintext credential: keep it readable only by www-data and register the public half with the hosting service as a read-only deploy key for this repository rather than attaching it to a personal account.
sudo -u www-data ssh-keygen -t rsa -f /var/www/.ssh/id_rsa
chmod 0600 /var/www/.ssh/id_rsa
chmod 0600 /var/www/.ssh/id_rsa.pub
Add the public key to the repository hosting service (e.g. GitHub or Bitbucket), preferably as a read-only deploy key scoped to this repository. Copy the key from
cat /var/www/.ssh/id_rsa.pub
Add the service's host key to the www-data user's known_hosts file, in this case Bitbucket. When ssh prompts you to accept the host key, compare the fingerprint it prints with the fingerprint published by the hosting service before answering yes; accepting it blindly trusts whatever answered the DNS name on first contact, and that trust is then reused by every unattended deploy.
sudo -u www-data ssh -T git@bitbucket.org
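The steps above, collected into one non-interactive script, as an added example that is not part of the original post. It adds two things a practitioner wants: an explicit permission check on the key material, and pinning of the remote host key by fingerprint instead of accepting whatever the first ssh -T connection presents. The user name www-data, home /var/www and host bitbucket.org are taken from the post; the DEPLOY_SETUP_RUN guard, the EXPECTED_FP variable (the SHA256 fingerprint you copied from the hosting service's documentation) and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes a GNU/Linux host
# (stat -c, install -o/-g) with openssh-client installed.
set -eu

DEPLOY_USER="${DEPLOY_USER:-www-data}"
DEPLOY_HOME="${DEPLOY_HOME:-/var/www}"
REMOTE_HOST="${REMOTE_HOST:-bitbucket.org}"
# Hypothetical placeholder: set this to the SHA256 fingerprint published by the
# hosting service, e.g. EXPECTED_FP='SHA256:...'. Nothing is trusted without it.
EXPECTED_FP="${EXPECTED_FP:-}"

# check_key_perms DIR: return 0 if DIR is mode 700 and every private key
# (id_* without a .pub suffix) is 600 or 400; return 1 otherwise.
check_key_perms() {
    dir="$1"
    [ "$(stat -c %a "$dir")" = "700" ] || return 1
    for key in "$dir"/id_*; do
        case "$key" in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        case "$(stat -c %a "$key")" in
            600|400) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# host_key_pinned SCANFILE FP: return 0 if one of the keys in the ssh-keyscan
# output SCANFILE has fingerprint FP (computed offline by ssh-keygen -l).
host_key_pinned() {
    scan="$1"; want="$2"
    ssh-keygen -lf "$scan" | awk -v want="$want" '$2 == want { found = 1 } END { exit found ? 0 : 1 }'
}

main() {
    install -d -m 0700 -o "$DEPLOY_USER" -g "$DEPLOY_USER" "$DEPLOY_HOME/.ssh"

    # -N '' : empty passphrase, the key is used unattended by the webhook handler.
    [ -f "$DEPLOY_HOME/.ssh/id_rsa" ] || \
        sudo -u "$DEPLOY_USER" ssh-keygen -t rsa -b 4096 -N '' -f "$DEPLOY_HOME/.ssh/id_rsa"
    chmod 0600 "$DEPLOY_HOME/.ssh/id_rsa"
    chmod 0644 "$DEPLOY_HOME/.ssh/id_rsa.pub"
    check_key_perms "$DEPLOY_HOME/.ssh"

    # Pin the host key: scan it, compare the fingerprint, and only then append
    # it to known_hosts. A mismatch or an empty EXPECTED_FP aborts the setup.
    scan=$(mktemp)
    ssh-keyscan -t rsa,ed25519 "$REMOTE_HOST" > "$scan" 2>/dev/null
    if [ -z "$EXPECTED_FP" ] || ! host_key_pinned "$scan" "$EXPECTED_FP"; then
        echo "host key for $REMOTE_HOST does not match EXPECTED_FP; refusing to trust it" >&2
        rm -f "$scan"
        exit 1
    fi
    cat "$scan" >> "$DEPLOY_HOME/.ssh/known_hosts"
    rm -f "$scan"
    chown "$DEPLOY_USER:$DEPLOY_USER" "$DEPLOY_HOME/.ssh/known_hosts"
    chmod 0644 "$DEPLOY_HOME/.ssh/known_hosts"

    echo "register this public key with the hosting service as a read-only deploy key:"
    cat "$DEPLOY_HOME/.ssh/id_rsa.pub"

    # StrictHostKeyChecking=yes: never prompt, and fail hard if the pinned key changes.
    sudo -u "$DEPLOY_USER" ssh -T -o StrictHostKeyChecking=yes "git@$REMOTE_HOST" || true
}

# Only perform the setup when explicitly asked, so the functions above can be
# sourced and checked without touching the system.
if [ "${DEPLOY_SETUP_RUN:-0}" = 1 ]; then
    main
fi
```

Run it as root with DEPLOY_SETUP_RUN=1 EXPECTED_FP='SHA256:...' ./setup-deploy-key.sh once the fingerprint has been copied from the hosting service's documentation; re-running it is safe, since the key is only generated when absent and known_hosts is only appended to after the fingerprint check passes.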