Gitlab在推送git用户时提示输入密码
Posted
技术标签:
【中文标题】Gitlab在推送git用户时提示输入密码【英文标题】:Gitlab prompts for password while push for git user 【发布时间】:2013-09-01 08:26:05 【问题描述】:我在 linode 的服务器上安装了 gitlab。 gitlab 的所有服务都运行良好。我能够登录、创建用户、回购等。 但我面临的问题是,当我尝试推送一个 repo 时,它会提示 git 用户的密码,如下所示:
git@gitlab.myserver.com's password
我已按照安装 gitlab 的说明操作:https://github.com/gitlabhq/gitlabhq/blob/master/doc/install/installation.md,并使用安装指南中提到的以下行禁用登录让用户 git:
sudo adduser --disabled-login --gecos 'GitLab' git
我使用的是 gitlab 版本 6。可能是什么问题?
ssh -Tvvv git@gitlab.myserver.com的输出如下:
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.myserver.com [MY_IP] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/swaroop/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/swaroop/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/swaroop/.ssh/id_rsa-cert type -1
debug1: identity file /home/swaroop/.ssh/id_dsa type -1
debug1: identity file /home/swaroop/.ssh/id_dsa-cert type -1
debug1: identity file /home/swaroop/.ssh/id_ecdsa type -1
debug1: identity file /home/swaroop/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "gitlab.myserver.com" from file "/home/swaroop/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/swaroop/.ssh/known_hosts:92
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 92:57:61:35:b1:e2:16:3b:7f:ae:e7:8a:dc:0c:98:83
debug3: load_hostkeys: loading entries for host "gitlab.myserver.com" from file "/home/swaroop/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/swaroop/.ssh/known_hosts:92
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "MY_IP" from file "/home/swaroop/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/swaroop/.ssh/known_hosts:93
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'gitlab.myserver.com' is known and matches the ECDSA host key.
debug1: Found key in /home/swaroop/.ssh/known_hosts:92
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/swaroop/.ssh/id_rsa (0x7fd470589410)
debug2: key: /home/swaroop/.ssh/id_dsa ((nil))
debug2: key: /home/swaroop/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/swaroop/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/swaroop/.ssh/id_dsa
debug3: no such identity: /home/swaroop/.ssh/id_dsa
debug1: Trying private key: /home/swaroop/.ssh/id_ecdsa
debug3: no such identity: /home/swaroop/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git@gitlab.myserver.com's password:
以下是我运行时的输出:rvmsudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
System information
System: Ubuntu 12.04
Current User: git
Using RVM: yes
RVM Version: 1.22.3
Ruby Version: 2.0.0p247
Gem Version: 2.0.7
Bundler Version:1.3.5
Rake Version: 10.1.0
GitLab information
Version: 6.0.0
Revision: 6c1c284
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: http://gitlab.myserver.com
HTTP Clone URL: http://gitlab.myserver.com/some-project.git
SSH Clone URL: git@gitlab.myserver.com:some-project.git
Using LDAP: no
Using Omniauth: no
GitLab Shell
Version: 1.7.0
Repositories: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git
【问题讨论】:
GitLab requires git@localhost password to push to a repo的可能重复 【参考方案1】:我遇到了同样的问题,但这是因为我的服务器只接受“sshusers”用户的 ssh 登录。
在/etc/ssh/sshd_config 我有以下行:
AllowGroups sshusers
为了解决这个问题,我将 git 添加到 sshusers 组:
$ sudo adduser git sshusers
然后它就开始工作了。
【讨论】:
我什至没有一个叫 git 的用户 @Nachbar90 :您应该这样做,这是安装过程的一部分。 我在/etc/ssh/sshd_config 中没有AllowGroups,但我确实有AllowUsers,我刚刚将git 添加到列表中,一切正常!感谢您带领我朝着正确的方向前进!【参考方案2】:
这应该只是意味着:
公共 ssh 密钥在用户帐户中注册错误 和/或公共/私有 ssh 密钥无法从用户帐户访问(~/.ssh 保护不正确,名称与 id_rsa 不同,id_rsa.pub 不正确,~/.ssh/config 文件不正确)。
例如,在“Git SSH authentication”上查看更多信息。
OP swaroopsmcomments:
我通过在服务器上重新安装 gitlab 解决了这个问题。现在一切都很好。
【讨论】:
我已经粘贴了本地机器的 id_rsa.pub 并添加到我在 gitlab 上的 SSH 公钥设置中。仍然无法正常工作 @swaroopsm 仔细检查本地保护问题。您可以在客户端的命令行中成功执行简单的ssh -T git@gitlab.myserver.com 吗?如果没有,研究ssh -Tvvv git@gitlab.myserver.com的输出
@swaroopsm 你确定你有/home/swaroop/.ssh/id_rsa吗?有正确的保护?你的公钥在 gitlab 服务器的~git/.ssh/authorized_keys 中可见吗?
我有一个 id_rsa.pub 因为我在将代码推送到 github 时没有问题。只是我无法将其推送到我的服务器上。我的服务器上 /home/git/.ssh 所需的文件权限是什么?
我用ssh-keygen重新生成了我的ssh密钥,并重新添加到了Gitlab设置中;这有效【参考方案3】:
当我使用 HTTP URL 设置远程存储库时,我遇到了类似的问题。
我将其更改为使用 SSH URL,并且效果很好:
git remote set-url gitlab git@gitlab.devekko.net:niccolox/cirm-website.git
【讨论】:
我遇到了和 OP 一样的问题。我在 RHEL 和 Mac OS 上都使用了 http URL。在 Mac OS 上,它不要求输入密码。在 RHEL 上,确实如此。因此,按照建议更改效果很好:git remote set-url origin <new git@ url> https://<old https url>【参考方案4】:
在我的情况下,我必须使用 ssh 添加远程存储库作为
git remote add gitlab ssh://git@your.project:222/git/repo_name.git
这使得 git 不再要求我输入密码。注意ssh://和port=222的使用。
【讨论】:
这是我的问题,忘记更改端口:\【参考方案5】:在启用 SELinux 的系统上,您不应按照某些答案的建议禁用 SELinux。
为了适应 SELinux 的限制(如果它们是密码提示的原因;检查你的 /var/log/audit/audit.log )更改 gitlab 的安全上下文:
chcon -t user_home_dir_t /var/opt/gitlab/
chcon -t ssh_home_t /var/opt/gitlab/.ssh/
chcon -t ssh_home_t /var/opt/gitlab/.ssh/authorized_keys
(建议at the gitlab group)
【讨论】:
注意 chcon 只是临时的,不会在重新标记或 restorecon 后继续存在。【参考方案6】:要正确修复 selinux 问题,请使用以下命令。请注意,chcon 只是临时的,不会在 relabel 或 restorecon 后继续存在,因此您应该改用 semanage。
semanage fcontext -a -t user_home_dir_t "/var/opt/gitlab(/.*)?"
semanage fcontext -a -t ssh_home_t "/var/opt/gitlab/.ssh(/.*)?"
restorecon -rv /var/opt/gitlab
【讨论】:
【参考方案7】:我尝试了很多选择,但都没有成功。
唯一为我解决的是osxkeychain helper
参见教程here。
本教程来自 github,但也适用于 gitlab。
【讨论】:
【参考方案8】:我有同样的问题。我的是启用了 SELinux。请禁用 SELinux 这里是链接 http://www.how2centos.com/disable-selinux-centos-6/
【讨论】:
以上是关于Gitlab在推送git用户时提示输入密码的主要内容,如果未能解决你的问题,请参考以下文章