Gitlab,权限被拒绝(公钥),版本 6-4 稳定

Posted

技术标签:

【中文标题】Gitlab,权限被拒绝(公钥),版本 6-4 稳定【英文标题】:Gitlab, Permission denied (publickey), version 6-4 stable 【发布时间】:2014-02-09 09:33:58 【问题描述】:

权限被拒绝(公钥)。致命:无法从远程读取 存储库。

请确保您拥有正确的访问权限和存储库 存在。

Gitlab 6-4 稳定版

root@gitlab:/home/git/gitlab# sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

System information
System:     Ubuntu 12.04
Current User:   git
Using RVM:  no
Ruby Version:   2.0.0p353
Gem Version:    2.0.14
Bundler Version:1.5.2
Rake Version:   10.1.0

GitLab information
Version:    6.4.3
Revision:   38397db
Directory:  /home/git/gitlab
DB Adapter: mysql2
URL:        http://gitlab.xxx.xxx
HTTP Clone URL: http://gitlab.xxx.xxx/some-project.git
SSH Clone URL:  git@gitlab.xxx.xxx/some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version:    1.8.0
Repositories:   /home/git/repositories/
Hooks:      /home/git/gitlab-shell/hooks/
Git:        /usr/bin/git



root@gitlab:/home/git/gitlab# sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

Checking Environment ...

Git configured for git user? ... yes
Has python2? ... yes
python2 is supported version? ... yes

Checking Environment ... Finished

Checking GitLab Shell ...

GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ... 
Alexander  / Test ... repository is empty
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Check directories and files: 
    /home/git/repositories: OK
    /home/git/.ssh/authorized_keys: OK
Test redis-cli executable: redis-cli 2.2.12
Send ping to redis server: PONG
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Init script exists? ... yes
Init script up-to-date? ... yes
projects have namespace: ... 
Alexander  / Test ... yes
Projects have satellites? ... 
Alexander  / Test ... can't create, repository is empty
Redis version >= 2.0.0? ... yes
Your git bin path is "/usr/bin/git"
Git version >= 1.7.10 ? ... yes (1.8.5)

Checking GitLab ... Finished

并试图推动

root@gitlab:/home/git/repositories/test# git push origin master

权限被拒绝(公钥)。致命:无法从远程存储库中读取。请确保您拥有正确的访问权限和 存储库存在。

shh -vv git@xxx.xxx

 alex@xxxxxxx:~$ ssh -vv git@gitlab.xxx.xxx
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.xxx.xxx [192.168.0.40] port 22.
debug1: Connection established.
debug1: identity file /home/alex/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2047
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2047
debug1: identity file /home/alex/.ssh/id_rsa-cert type -1
debug1: identity file /home/alex/.ssh/id_dsa type -1
debug1: identity file /home/alex/.ssh/id_dsa-cert type -1
debug1: identity file /home/alex/.ssh/id_ecdsa type -1
debug1: identity file /home/alex/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host 'gitlab.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/alex/.ssh/known_hosts:30
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/alex/.ssh/id_rsa (0x7f8d86afa4f0),
debug2: key: /home/alex/.ssh/id_dsa ((nil)),
debug2: key: /home/alex/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alex/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 276
debug2: input_userauth_pk_ok: fp xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Authentication succeeded (publickey).
Authenticated to gitlab.xxx.xxx ([192.168.0.40]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_TIME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_NAME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 100 id 0
PTY allocation request failed on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to GitLab, Anonymous!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to gitlab.xxx.xxx closed.
Transferred: sent 4088, received 2432 bytes, in 0.3 seconds
Bytes per second: sent 14872.5, received 8847.8
debug1: Exit status 0

alex@xxxxx:~$ ssh git@gitlab.xxx.xxx 通道 0 上的 PTY 分配请求失败 欢迎来到 GitLab,匿名! 与 gitlab.xxx.xx 的连接已关闭。

我在生产服务器上尝试了 5.4 stable 和同样的问题。

但是,为了感兴趣,我在本地测试服务器上安装了 5.4 和虚拟机,它工作正常。现在我什至已经比较了所有内容,但它并没有推送到生产服务器上。看起来这个问题与 SSH 有关。

我已经搜索了很多,但我尝试的所有解决方案都不适用于我的情况。我已经不知道了,感觉是一种软件错误...

我将不胜感激。提前致谢! 亲切的问候, 亚历克斯

【问题讨论】:

Getting permission denied (public key) on gitlab的可能重复 【参考方案1】:

尝试同时推送到 https 网址而不是 ssh 这可以为您省去很多麻烦 - 例如使用这个:

git remote add origin https://gitlab.com/someuser/algorithm-excercises.git

代替:

git remote add origin git@gitlab.com:someuser/algorithm-excercises.git

【讨论】:

【参考方案2】:

我在搜索了很多之后发现了这个。它对我来说非常好用。

    像 cmd 一样转到“Git Bash”。 输入ssh-keygen 按回车键。 它会要求您将密钥保存到特定目录。 按回车键。它会提示您输入密码或不输入密码。 公钥将创建到特定目录。 现在进入目录并打开.ssh文件夹。 您会看到一个文件id_rsa.pub。在记事本上打开它。复制其中的所有文本。 转到https://gitlab.com/profile/keys。 在此处粘贴到“key”文本字段中。 现在点击下面的“标题”。它会自动被填满。 然后点击“添加密钥”。

现在试一试,它肯定会起作用。

【讨论】:

请不要在多个问题中添加the same answer。回答最好的一个并将其余的标记为重复。见Is it acceptable to add a duplicate answer to several questions?【参考方案3】:

您好,我遇到了类似的问题(这是在向新创建的用户添加新的 ssh 密钥之后) 我修复了它,重新生成已损坏的授权密钥

cd /home/git/gitlab

sudo -u git -H bundle exec rake gitlab:shell:setup RAILS_ENV=production
This will rebuild an authorized_keys file.
You will lose any data stored in authorized_keys file.
Do you want to continue (yes/no)? yes

【讨论】:

感谢重播!不幸的是,它对我不起作用。与“通道 0 上的 PTY 分配请求失败”相同 那么我建议在 github 上提交一个问题,他们往往会很快找到:github.com/gitlabhq/gitlabhq/… Hithwen,非常感谢!我的问题现在也在 GitHub github.com/gitlabhq/gitlabhq/issues/6104 同样的问题,使用交钥匙 linux VM 。这个答案对我有用。在我的情况下,无需手动触摸 /home/git/repositories/.ssh/authorized_keys【参考方案4】:

我发布了一个类似问题的答案

Why does ssh connection to gitlab not work (while http push and clone work fine)?

这涉及将您的公钥添加到

/home/git/repositories/.ssh/authorized_keys

【讨论】:

【参考方案5】:

打开你的终端并生成公钥:

ssh-keygen -t rsa -C "yourmail@mail.com" -b 4096

转到系统中的 ssh rsa 文件夹: 在 Mac 上转到转到文件夹并输入此地址:

~/.ssh

然后用文本编辑器打开它并复制密钥

然后去 gitlab 设置 shh 键并在那里粘贴 https://gitlab.com/profile/keys/2346923

然后再试一次

git push -u origin master

【讨论】:

【参考方案6】:

在存储库中添加 .ssh 文件夹对我有用,所以我这样做了:

sudo -u git -H ln -s /home/git/.ssh /home/git/repositories/

现在所有用户都可以从 gitlab web 添加密钥并使用 ssh。

【讨论】:

【参考方案7】:

确保您在本地有一个现有的 SSH 密钥对。

转到您的主目录,然后转到.ssh/ 子目录。如果.ssh/ 子目录不存在, 您要么不在主目录中,要么您之前没有使用过 ssh。

如果不存在,需要在.ssh/子目录下生成SSH密钥对:

    cd ~ cd .ssh/ ssh-keygen -t ed25519 -C "<comment>"

然后只需按 Enter 即可完成。

【讨论】:

以上是关于Gitlab,权限被拒绝(公钥),版本 6-4 稳定的主要内容,如果未能解决你的问题,请参考以下文章

GitLab 错误消息 - 权限被拒绝(公钥) - Bitnami

权限被拒绝(公钥、密码)。 rsync:连接意外关闭 - gitlab

在我的 Raspberry Pi 上从 Gitlab.com 克隆 Repo 时权限被拒绝(公钥)

无法将代码从 Vs Code 界面推送到 gitlab。 Git:git@gitlab.com:权限被拒绝(公钥,键盘交互)

SSH 到 GitLab 权限被拒绝(公钥、gssapi-keyex、gssapi-with-mic)

通过 SSH 将 gitlab-runner(服务器)连接到虚拟机失败:权限被拒绝(公钥、密码)