Ssh

GitLab - 不接受通過 SSH 推送asksf或S_小號H密碼_______一種sķsF這r小號小號Hp一種ss在這rdasks for SSH password,適用於 HTTP 嗎?

  • November 10, 2014

我已經研究了這個問題的多種解決方案,包括: https://serverfault.com/questions/515395/gitlab-unable-to-push-via-ssh Gitlab not working with SSH Keys http://community.bitnami.com /t/unable-to-make-a-ssh-connection-to-gitlab-but-http-push-and-clone-are-working/14939


好的,所以…我今天剛安裝了 GitLab。我遵循了這本手冊。當我開始創建使用者時,“git”正在使用中,所以我決定使用“gitlab”。如果這是一個錯誤的決定,我可以回去嘗試看看什麼在使用“git”以及為什麼以及是否可以停止它並將其交給 GitLab。

基本上,當我推送 GitLab 時,我正在嘗試使用 SSH 地址:gitlab@git.example.com:user/repo。當我使用“git push origin master”(origin指向上述地址)時,我被要求輸入使用者“gitlab”的SSH伺服器密碼。如果我輸入它,GitLab 然後告訴我“使用者/儲存庫”似乎不是儲存庫,然後它退出。

“ssh -vvvT”的輸出是:

C:\Users\Jake>ssh -vvvT gitlab@git.redacted.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to git.redacted.com [redacted] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Jake/.ssh/identity type -1
debug3: Not a RSA1 key file /c/Users/Jake/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /c/Users/Jake/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /c/Users/Jake/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /c/Users/Jake/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubu
ntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-
sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hel
lman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
l-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
l-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 524/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /c/Users/Jake/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /c/Users/Jake/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'git.majornoob.com' is known and matches the RSA host key.
debug1: Found key in /c/Users/Jake/.ssh/known_hosts:1
debug2: bits set: 515/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /c/Users/Jake/.ssh/identity (0x0)
debug2: key: /c/Users/Jake/.ssh/id_rsa (0xa01b360)
debug2: key: /c/Users/Jake/.ssh/id_dsa (0xa01b378)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/Jake/.ssh/identity
debug3: no such identity: /c/Users/Jake/.ssh/identity
debug1: Offering public key: /c/Users/Jake/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /c/Users/Jake/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
gitlab@git.redacted.com's password:

C:\Users\Jake>

這似乎無法讀取我的 SSH 密鑰?我不確定發生了什麼。

我使用以下命令嘗試了兩種不同的 SSH 密鑰和兩種不同的加密類型:

ssh-keygen -t rsa -C "redacted@gmail.com"
ssh-keygen -t dsa -C "redacted@gmail.com"

這是我嘗試使用 SSH 協議推送時的輸出:

C:\Users\Jake\Documents\Development\test>git push origin master
gitlab@git.redacted.com's password:
fatal: 'jake/test.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

C:\Users\Jake\Documents\Development\test>

為什麼還要輸入 SSH 密碼?我希望它使用密鑰。

密鑰在 GitLab 安裝上,這裡有一些證明: SSH_KEYS

我不確定從這裡去哪裡,或者我可以提供哪些其他資訊來更輕鬆地診斷我的問題。請幫幫我!我願意回答您提出的任何可能使您更容易解決此問題的問題。

先感謝您!


**編輯:**當我使用“ssh -vvvT gitlab@git.redacted.com”並實際輸入使用者密碼時,它會顯示 Ubuntu MOTD。我相當 200% 肯定這不應該發生。

你說的對。MOTD 不應顯示給任何使用者。Gitlab 有自己的內置 shell 來處理使用者,但該 shell 僅在使用者使用其私鑰登錄時執行,這對您不起作用。因為使用密碼以 git 身份登錄會給您帶來提示,所以您應該刪除 git 的密碼:

sudo passwd -d git

然後通過執行禁用 bash 登錄sudo vim /etc/passwd,找到 git 使用者,並在它說的最後,/bin/bash將其替換為/bin/nologin.

至於密鑰,請確保您的客戶端電腦可以使用密鑰。嘗試 sshing 到本地主機。它應該要求輸入密碼。註銷,將客戶端的 ssh 密鑰添加到自身:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys #This should not require root

然後嘗試再次登錄 localhost。如果它不要求輸入密碼,您就知道您的客戶端設置正確。

如果您的客戶端沒問題,請嘗試調試伺服器。在執行此操作之前,請從螢幕截圖中刪除您的密鑰。然後,通過執行確保 Gitlab 對 /home/git/.ssh 目錄具有完全訪問權限sudo chmod -R git /home/git/.ssh。重新添加您的密鑰,然後執行sudo cat /home/git/.ssh/authorized_keys並查看您的密鑰是否在那裡。

如果這不起作用,請通過執行檢查您的 gitlab 日誌tailf /home/git/gitlab/{LOG}.log,然後{LOG}unicornapplicationproduction或替換githost,然後嘗試添加您的密鑰。

*記住在做任何事情之前刪除你的密鑰。*密鑰儲存在數據庫中,應該儲存在 /home/git/.ssh/authorized_keys 中。如果它們在數據庫中,但不在文件中,您可能會遇到問題。

引用自:https://serverfault.com/questions/614698