Solving a GitLab login failure over SSH

Source: Internet
Author: User
Fault symptom:
[[email protected] data]# git clone ssh://[email protected]:22022/lxk/core.git
Cloning into 'core'...
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

A local key has been created and the key has been added to the user's SSH Keys. That step went fine, but the only way to log in is over HTTP with the user name and password.

The "Permission denied" message points to a permission problem, because you cannot log on with a password during SSH logon: "Permission denied" is displayed whether or not the entered password is correct. View the logon process in debug mode:

[[email protected] .ssh]# ssh -vT [email protected] -p 22022
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 20.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to gitlab.lixinkuan.com [x.x.x.x] port 22022.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat
debug1: Authenticating to gitlab.lixinkuan.com:22022 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:
debug1: checking without port identifier
The authenticity of host '[gitlab.lixinkuan.com]:22022 ([x.x.x.x]:22022)' can't be established.
RSA key fingerprint is SHA256:ywkrqd2vsjmqoedwncase8onv5h0usbgqewr18lhd8.
RSA key fingerprint is MD5:14:8c:87:8f:b5:15:75:e1:8a:31:a5:61:ce:9d:68:6c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[gitlab.lixinkuan.com]:22022,[x.x.x.x]:22022' (RSA) to the list of known hosts.
# deny
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex    # One of the following authentication methods: gssapi-keyex
debug1: No valid Key exchange context    # no valid password context
debug1: Next authentication method: gssapi-with-mic    # One of the following authentication methods: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
# The following shows that the authentication files being tried are all files in the /root/.ssh directory. We are logging on to gitlab, so this is incorrect. The authentication file should not be read from here!!!
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering DSA public key: /root/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
[email protected]'s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
[email protected]'s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

Because the problem is with SSH login, the cause should be the permissions on the files of GitLab's SSH function module.

Check the permissions of the key file. Only the owner has permission; group and other have none. There is no problem with the .ssh directory.

[[email protected] gitlab]# ll -d .ssh/
drwx------ 2 git git 4096 Jul 18 09:29 .ssh/
[[email protected] gitlab]# ll .ssh/
total 32
-rw------- 1 git git 28332 Oct 16 20:50 authorized_keys
-rw------- 1 git git     0 Oct 16 20:50 authorized_keys.lock

View the gitlab-shell permissions:

[[email protected] gitlab]# ll -d gitlab-shell/
drwx------ 2 git root 4096 Oct 16 20:46 gitlab-shell/
[[email protected] gitlab]# ll  gitlab-shell/
total 4
-rw-r--r-- 1 root root 1105 Jul 17 12:52 config.yml
[[email protected] gitlab-shell]# stat config.yml
  File: `config.yml'
  Size: 1105        Blocks: 8          IO Block: 4096   regular file
Device: fc01h/64513d    Inode: 132041      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-10-16 18:38:47.356925223 +0800
Modify: 2018-07-17 12:52:10.845000022 +0800
Change: 2018-07-17 12:52:10.847000022 +0800

The owner and group of config.yml are both root. Change them to root and git, then restart the Git service. The fault persists.

[[email protected] data]# git clone ssh://[email protected]:22022/lxk/core.git
Cloning into 'core'...
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Then change the config.yml permissions to the following:

[[email protected] gitlab-shell]# ll
total 4
-rw-r----- 1 root git 1105 Jul 17 12:52 config.yml

After the service is restarted, it returns to normal:

[[email protected] data]# git clone ssh://[email protected]:22022/lxk/core.git
Cloning into 'core'...
remote: Counting objects: 5943, done.
remote: Compressing objects: 100% (3822/3822), done.
remote: Total 5943 (delta 2054), reused 5916 (delta 2042)
Receiving objects: 100% (5943/5943), 430.32 MiB | 1.28 MiB/s, done.
Resolving deltas: 100% (2054/2054), done.
Checking out files: 100% (8849/8849), done.

The cause of the problem is file permissions. I don't know which expert changed the permissions of the gitlab-shell configuration file, or whether I copied a configuration file to the gitlab server as the root user.

In theory, git can read config.yml through the "other" permission. However, SSH requires extremely strict file permissions, so the file cannot be read at all.
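The working state this page ends with (.ssh at 700 git:git, authorized_keys at 600 git:git, config.yml at 640 root:git) can be checked in one pass. The script below is an added example, not part of the original post; the function names and the BASE argument (the directory holding .ssh/ and gitlab-shell/, shown on this page only as "gitlab") are hypothetical, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example: audit the GitLab SSH files against the permissions
# shown in the working state on this page. Assumes GNU stat (coreutils).

# check_perm PATH MODE OWNER GROUP
# Prints one finding line; returns 0 on match, 1 on mismatch or missing file.
check_perm() {
    path=$1 want_mode=$2 want_owner=$3 want_group=$4
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # %a = octal mode, %U = owner name, %G = group name
    actual=$(stat -c '%a %U %G' "$path") || return 1
    if [ "$actual" = "$want_mode $want_owner $want_group" ]; then
        echo "OK       $path ($actual)"
        return 0
    fi
    echo "MISMATCH $path: have '$actual', want '$want_mode $want_owner $want_group'"
    return 1
}

# audit_gitlab_ssh BASE [USER] [GROUP] [CONFIG_OWNER]
# Defaults follow the listings on this page: git, git, root.
audit_gitlab_ssh() {
    base=$1 user=${2:-git} group=${3:-git} cfg_owner=${4:-root}
    failures=0
    check_perm "$base/.ssh" 700 "$user" "$group" \
        || failures=$((failures + 1))
    check_perm "$base/.ssh/authorized_keys" 600 "$user" "$group" \
        || failures=$((failures + 1))
    check_perm "$base/gitlab-shell/config.yml" 640 "$cfg_owner" "$group" \
        || failures=$((failures + 1))
    echo "$failures finding(s)"
    [ "$failures" -eq 0 ]
}

# Run the audit only when a base directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_gitlab_ssh "$@"
fi
```

Run it as root with the base directory as the only argument; a non-zero exit status means at least one file differs from the listed state.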

Attached is the SSH debug-mode output of a normal logon to the gitlab server:

[[email protected] core]# ssh -vT [email protected] -p 22022
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 20.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to gitlab.lixinkuan.com [x.x.x.x] port 22022.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat
debug1: Authenticating to gitlab.lixinkuan.com:22022 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:
debug1: Host '[gitlab.lixinkuan.com]:22022' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering DSA public key: /root/.ssh/id_dsa
debug1: Remote: Forced command: /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-77
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Remote: Forced command: /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-77
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Authentication succeeded (publickey).
Authenticated to gitlab.lixinkuan.com ([x.x.x.x]:22022).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to GitLab, Li xinkuan!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3328, received 3664 bytes, in 0.1 seconds
Bytes per second: sent 27166.7, received 29909.5
debug1: Exit status 0
