I'm having issues cloning a repository on a new machine. While git clone over SSH works perfectly fine on a machine which I had already setup (a while ago), I've now added my public key in the GitLab GUI and try git clone git#, but without success. The fact that it works on my other machine, suggests a client-side issue to me. What I'm trying:
ssh -vT git#<DOMAIN_NAME>.de
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <DOMAIN_NAME>.de [141.89.97.171] port 22.
debug1: Connection established.
debug1: identity file <HOME_DIR>/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file <HOME_DIR>/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.10
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.10 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to <DOMAIN_NAME>.de:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:QUDzLMIelWfaGrqQjj9O7DLHHeW/1mG/+b8fYvXck34
debug1: Host '<DOMAIN_NAME>.de' is known and matches the ECDSA host key.
debug1: Found key in <HOME_DIR>/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: pubkey_prepare: ssh_get_authentication_socket: Permission denied
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: <HOME_DIR>/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: <HOME_DIR>/.ssh/id_dsa
debug1: Trying private key: <HOME_DIR>/.ssh/id_ecdsa
debug1: Trying private key: <HOME_DIR>/.ssh/id_ed25519
debug1: Next authentication method: password
git#<DOMAIN_NAME>.de's password:
I checked the public key in the GitLab GUI with the one in my .ssh/id_rsa.pub (they match), so I expect it to work without this password prompt. I've checked several SO posts (ssh clone not working with github) (I'm aware that gitlab and github are two different beasts), gitlab issue pages, etc., but haven't found a solution yet. Again; what particularly bothers me is that this is not working for an 'unseen' machine, and works for others, suggesting something on the client side. Still, I have restarted and reconfigured gitlab (gitlab-ctl restart and gitlab-ctl reconfigure) as well on the server, both before and after adding my new public key, but that didn't help either.
Any thoughts?
For future reference/anyone who runs into the same problem; I've fixed it with a gitlab-rake gitlab:shell:setup on the server that is hosting gitlab. No restart (of gitlab), reconfigure or re-generating/copying of the key file needed.
Related
From MACHINE_2, as USER1, I need to SSH into MACHINE_1 without having to provide a password.
I created a pair of RSA keys (private_key, public_key) using the command C:\cygwin64\bin\ssh-keygen -t rsa.
I have put the two files private_key and public_key in the folder C:\cygwin64\home\USER1\.ssh\machines_1_2\.
On MACHINE_1, I copied the contents of the public_key file into the file D:\cygwin\home\USER1\.ssh\authorized_keys.
On MACHINE_2, I created the file C:\cygwin64\home\USER1\.ssh\config in which I put the following lines:
Host 192.168.77.45
Port 22
IdentityFile ~/.ssh/machines_1_2/private_key
When I try to SSH into MACHINE_1, I get a "Permission denied" message (see the output below).
USER1#MACHINE_2$ ssh -v 192.168.77.45
OpenSSH_8.9p1, OpenSSL 1.1.1m 14 Dec 2021
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 192.168.77.45 [192.168.77.45] port 22.
debug1: Connection established.
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_rsa-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519 type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_xmss type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_xmss-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_dsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7
debug1: compat_banner: match: OpenSSH_6.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.77.45:22 as 'MACHINE_1+USER1'
debug1: load_hostkeys: fopen /cygdrive/c/Users/USER1/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qSH/p+CitL49lw4RPcwmVd8P+e02Ot1yjTSagmyiZhA
debug1: load_hostkeys: fopen /cygdrive/c/Users/USER1/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.77.45' is known and matches the ECDSA host key.
debug1: Found key in /cygdrive/c/Users/USER1/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_rsa
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ed25519
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_xmss
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_dsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_rsa
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ed25519
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_xmss
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
MACHINE_1+USER1#192.168.77.45: Permission denied (publickey,keyboard-interactive).
I was wondering if there was not a confusion between the two ".ssh" directories:
C:\cygwin64\home\USER1\.ssh\ and C:\Users\USER1\.ssh\
Personally, I always usually deal with the C:\cygwin64\home\USER1\.ssh\ directory... not the other one.
Also, MACHINE_1 and MACHINE_2 are two "Windows" machines with "Cygwin" installed.
On MACHINE_1, the cygwin version is 3.3.4.
On MACHINE_2, the cygwin version is 1.7.33.
Can you help me investigate what's going wrong?
============= Edit 1 ================
I installed a new Cygwin (v. 3.3.4) on MACHINE_2.
I still have the same problem.
============= Edit 2 ================
It looks like the config file is not been read.
============= Edit 3 ================
I put the config file and the machines_1_2 directory in the C:\Users\USER1\.ssh\ directory instead of the C:\cygwin64\home\USER1\.ssh\ directory.
It allowed me to SSH into MACHINE_1 without having to enter a password.
Until this day, I always used the C:\cygwin64\home\USER1\.ssh\ directory...
As I could understand:
$ set | grep HOME
HOME=/cygdrive/c/Users/USER1
/etc/passwd and /etc/group are no longer automatically generated since version 1.7.34.
In my older Cygwin configuration (the version 1.7.33), the user's home directory was set to /home/USER1 that is to say C:\cygwin64\home\USER1
I guess developers have good reasons for making such changes but for people like me it takes precious time and nerves to fix the problems and that does not make my work more fun or interesting. It makes me feel stupid. My two cents.
Recent version openssh remove rsa support by default, so you should enable it in your ssh config:
$ cat ~/.ssh/config
Host *
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
I cannot connect to the server I get the following error message:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to login-thinking.hpc.kuleuven.be [134.58.8.41] port 22.
debug1: Connection established.
debug1: identity file /home/emiellanckriet/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emiellanckriet/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version sshr
debug1: no match: sshr
debug1: Authenticating to login-thinking.hpc.kuleuven.be:22 as 'vsc32452'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:CWFbFs7K9n0JM83sRWimMYY7Ie+f1QJmmvBUS1gVHig
debug1: Host 'login-thinking.hpc.kuleuven.be' is known and matches the ECDSA host key.
debug1: Found key in /home/emiellanckriet/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ebUgOZfhmGQlWbnTz1/IVgyPTlLBSSPN0lqyLpPxSSc /home/emiellanckriet/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/emiellanckriet/.ssh/id_dsa
debug1: Trying private key: /home/emiellanckriet/.ssh/id_ecdsa
debug1: Trying private key: /home/emiellanckriet/.ssh/id_ed25519
debug1: No more authentication methods to try.
vsc32452#login-thinking.hpc.kuleuven.be: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
The public key needed is stored in ~/.ssh/id_rsa.pub, however the first debug message say that there is no such file or directory.
I am working on the Windows Subsystem for Linux.
Does someone know what the problem is?
Turns out there was not really a problem, I had uploaded my public key and apparently this still had to be processed on the server. Trying exactly the same the next morning worked for me.
I followed this document to setup my SSH authentication https://kgcoe-git.rit.edu/help/ssh/README#generating-a-new-ssh-key-pair
It has worked before but this time on a new setup I get Permission denied (publickey) error
Below is the debug output from the ssh command
ankushko#node-0:~/Code$ sudo ssh -vT git#pc3.instageni.utc.edu
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pc3.instageni.utc.edu [150.182.135.23] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to pc3.instageni.utc.edu:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:BUPmhA1nWbH8Zq0cg4uohS3L/Vo4uOZ8PLrdUYf3ano
debug1: Host 'pc3.instageni.utc.edu' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Keys
ankushko#node-0:~$ sudo ls ~/.ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
Update: Tried without sudo
ankushko#node-0:~$ ssh -vT git#pc3.instageni.utc.edu
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pc3.instageni.utc.edu [150.182.135.23] port 22.
debug1: Connection established.
debug1: identity file /users/ankushko/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to pc3.instageni.utc.edu:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:BUPmhA1nWbH8Zq0cg4uohS3L/Vo4uOZ8PLrdUYf3ano
debug1: Host 'pc3.instageni.utc.edu' is known and matches the RSA host key.
debug1: Found key in /users/ankushko/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /users/ankushko/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /users/ankushko/.ssh/id_dsa
debug1: Trying private key: /users/ankushko/.ssh/id_ecdsa
debug1: Trying private key: /users/ankushko/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Thanks in advance.
I solved git#gitlab.com: Permission denied (publickey) issue by following these steps:
RUN cat ~/.ssh/id_rsa.pub
Copy id_rsa.pub (public key) to your getlab `Setting -> SSH Keys
RUN cat ~/.ssh/id_rsa
Copy id_rsa (private key) to `Code_repo->git_auth->id_rsa (private keys local file)
NOTE: Take care of the machine user if you are using root user in your DockerFile or anywhere else then use sudo su before running the above commands to get root user public and private keys.
The command:
sudo ssh -vT git#pc3.instageni.utc.edu
is running as root and will use /root/.ssh/config and a private ssh key from that same directory, e.g. /root/.ssh/id_rsa. In the command:
sudo ls ~/.ssh/
the shell, probably bash, will expand ~ to your home directory before it even calls sudo (prove this with sudo echo ~), so it will display files from your home directory, probably /home/ankushko.
Can I ask why you are running these command with sudo? Would it work to just connect as a normal user? That would be more secure, but sometimes there is a need to run things as root.
Either way, you need to make sure the private ssh key that you are actually using matches the public ssh key on the server.
I can't push to bitbucket.org anymore.
I have checked the public key is still at bitbucket.
As suggested elsewhere I tried GIT_SSH_COMMAND='ssh -v' git push
and got this result.
I wonder if some options have changed with the latest update to ssh
Everything seems fine (to me), yet git push fails with Authentication failed.
OpenSSH_7.4p1 Debian-10+deb9u4, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [2406:da00:ff00::22cd:e0db] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4
debug1: Remote protocol version 2.0, remote software version conker_1.1.15 49a70a8 app-155
debug1: no match: conker_1.1.15-49a70a8 app-155
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:13
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Authentication failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
```
Even though the public key was already on bitbucket, and the public and private keys seemed to match, using some suggestions here, I made a new keypair, and made a special key for git#bitbucket.org in /etc/.ssh/config
Now I have my access back.
I installed cygwin and configured openssh (ssh-host-config -y) on a Windows machine. Now from a Linux on the network I have a strange behavior:
without .ssh (on the Linux), I successfully connect with password
with .ssh (and my public key on the .ssh/authorized_keys of the Windows, I failed (and it doesn't ask me password):
ssh -v M3D#ipinria029
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /home/lionel/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ipinria029 [10.0.31.29] port 22.
debug1: Connection established.
debug1: identity file /home/lionel/.ssh/id_rsa type -1
debug1: identity file /home/lionel/.ssh/id_rsa-cert type -1
debug1: identity file /home/lionel/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/lionel/.ssh/id_dsa-cert type -1
debug1: identity file /home/lionel/.ssh/id_ecdsa type -1
debug1: identity file /home/lionel/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7
debug1: match: OpenSSH_6.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 2a:4a:bc:24:bc:9e:c6:17:bb:f1:54:e1:03:df:7e:d4
debug1: Host 'ipinria029' is known and matches the ECDSA host key.
debug1: Found key in /home/lionel/.ssh/known_hosts:43
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/lionel/.ssh/id_dsa
Connection closed by 10.0.31.29
Any suggestions?
Can you try moving your config and ssh_config files in ~/.ssh to a different location (temporarily)? I have a feeling that your config could be messing with it...
Other than that, could you please make sure that the authorized_keys in your windows is EXACTLY what is in ~/.ssh/id_dsa.pub on your linux machine?
If that dosent work, try running ssh-keygen, and putting the id_rsa file in the authorized hosts. (this will overwrite ~/.ssh/id_rsa) I've never used dsa for ssh keys before, I've always used RSA.