gitlab ssh clone问题解决

Posted 2020-12-03 newalan

公司搭建的gitlab，通过http协议可以clone：

[[email protected] gitlab]$ git clone http://gitlab.test.mycompany.com/dev_group/test_project1.git
Cloning into ‘test_project1‘...
Username for ‘http://gitlab.test.mycompany.com‘: sisi
Password for ‘http://[email protected]‘:
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 11 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (11/11), done.

但是用ssh clone就会失败

[[email protected] ssh]$ git clone [email protected]:dev_group/test_project1.git
Cloning into ‘test_project1‘...
The authenticity of host ‘gitlab.test.mycompany.com (123.56.11.231)‘ can‘t be established.
RSA key fingerprint is 5d:62:8d:b7:d7:51:03:87:ea:65:ce:35:6c:ee:95:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘gitlab.test.mycompany.com,123.56.11.231‘ (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

解决方案
（1）修改/etc/ssh/sshd_config文件
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
（2）改权限及公钥
#chmod 700 /root/.ssh
#chmod 644 /root/.ssh/authorized_keys
并把本地主机的pub公钥放到/root/.ssh/authorized_keys
（3）重启sshd
service restart

但是之后用ip测试连接成功，用域名则失败
[[email protected] ssh]$ ssh -T [email protected]
Welcome to GitLab, sisi!
[[email protected] ssh]$ ssh -T [email protected]
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

git clone的结果也是一样的

[[email protected] ssh]$ git clone [email protected]:dev_group/test_project1.git
Cloning into ‘test_project1‘...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
[[email protected] ssh]$ git clone [email protected]:dev_group/test_project1.git
Cloning into ‘test_project1‘...
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 11 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (11/11), done.
[[email protected] ssh]$

用IP可以克隆，用域名还不行

那么问题在于域名是否正确解析为正确的ip

[[email protected] .ssh]$ host gitlab.test.mycompany.com
gitlab.test.mycompany.com has address 123.56.11.231
[[email protected] ssh]$ ping gitlab.test.mycompany.com
PING gitlab.test.mycompany.com (172.16.181.60) 56(84) bytes of dat
不同方式获取的IP不一致，是导致ssh用域名访问不行的原因

而执行git  clone时连接的服务器地址放在.ssh/known_hosts中，从其中可以看出域名被解析成123.56.11.231，

即与host命令查到的ip一致，都是错误的

解决方案：

（1）删除 .ssh/known_hosts中错误的域名ip记录

（2）在/etc/hosts增加域名与正确ip的对应

[[email protected] .ssh]$ sudo vi /etc/hosts
增加一行
172.16.181.60 gitlab.test.mycompany.com

再测试成功如下：

[[email protected] ssh]$ git clone [email protected]:dev_group/test_project1.git
Cloning into ‘test_project1‘...
The authenticity of host ‘gitlab.test.mycompany.com (172.16.181.60)‘ can‘t be established.
RSA key fingerprint is ba:ec:d0:b3:b3:1e:39:10:fc:b2:ac:3d:41:ff:d1:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘gitlab.test.mycompany.com,172.16.181.60‘ (RSA) to the list of known hosts.
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 11 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (11/11), done.
[[email protected] ssh]$ ls
test_project1