Gitlab，权限被拒绝（公钥），版本6-4稳定

Question

Gitlab，权限被拒绝（公钥），版本6-4稳定

19

权限被拒绝（publickey）。致命错误：无法从远程存储库读取。

请确保您具有正确的访问权限并且该存储库存在。

Gitlab版本为6-4稳定版

root@gitlab:/home/git/gitlab# sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

System information
System:     Ubuntu 12.04
Current User:   git
Using RVM:  no
Ruby Version:   2.0.0p353
Gem Version:    2.0.14
Bundler Version:1.5.2
Rake Version:   10.1.0

GitLab information
Version:    6.4.3
Revision:   38397db
Directory:  /home/git/gitlab
DB Adapter: mysql2
URL:        http://gitlab.xxx.xxx
HTTP Clone URL: http://gitlab.xxx.xxx/some-project.git
SSH Clone URL:  git@gitlab.xxx.xxx/some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version:    1.8.0
Repositories:   /home/git/repositories/
Hooks:      /home/git/gitlab-shell/hooks/
Git:        /usr/bin/git



root@gitlab:/home/git/gitlab# sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

Checking Environment ...

Git configured for git user? ... yes
Has python2? ... yes
python2 is supported version? ... yes

Checking Environment ... Finished

Checking GitLab Shell ...

GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ... 
Alexander  / Test ... repository is empty
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Check directories and files: 
    /home/git/repositories: OK
    /home/git/.ssh/authorized_keys: OK
Test redis-cli executable: redis-cli 2.2.12
Send ping to redis server: PONG
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Init script exists? ... yes
Init script up-to-date? ... yes
projects have namespace: ... 
Alexander  / Test ... yes
Projects have satellites? ... 
Alexander  / Test ... can't create, repository is empty
Redis version >= 2.0.0? ... yes
Your git bin path is "/usr/bin/git"
Git version >= 1.7.10 ? ... yes (1.8.5)

Checking GitLab ... Finished

尝试推送：

root@gitlab:/home/git/repositories/test# git push origin master

权限被拒绝（公钥）。致命错误：无法从远程仓库读取。请确保您具有正确的访问权限和存储库存在。

shh -vv git@xxx.xxx

 alex@xxxxxxx:~$ ssh -vv git@gitlab.xxx.xxx
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.xxx.xxx [192.168.0.40] port 22.
debug1: Connection established.
debug1: identity file /home/alex/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2047
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2047
debug1: identity file /home/alex/.ssh/id_rsa-cert type -1
debug1: identity file /home/alex/.ssh/id_dsa type -1
debug1: identity file /home/alex/.ssh/id_dsa-cert type -1
debug1: identity file /home/alex/.ssh/id_ecdsa type -1
debug1: identity file /home/alex/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host 'gitlab.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/alex/.ssh/known_hosts:30
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/alex/.ssh/id_rsa (0x7f8d86afa4f0),
debug2: key: /home/alex/.ssh/id_dsa ((nil)),
debug2: key: /home/alex/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alex/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 276
debug2: input_userauth_pk_ok: fp xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Authentication succeeded (publickey).
Authenticated to gitlab.xxx.xxx ([192.168.0.40]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_TIME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending env LC_NAME = de_DE.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 100 id 0
PTY allocation request failed on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to GitLab, Anonymous!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to gitlab.xxx.xxx closed.
Transferred: sent 4088, received 2432 bytes, in 0.3 seconds
Bytes per second: sent 14872.5, received 8847.8
debug1: Exit status 0

alex@xxxxx:~$ ssh git@gitlab.xxx.xxx 通道0上的PTY分配请求失败 欢迎来到GitLab，匿名用户！与gitlab.xxx.xx的连接已关闭。

我尝试使用5.4稳定版，在生产服务器上遇到了同样的问题。

但是出于兴趣，当我在虚拟机中安装了5.4并在本地测试服务器上运行时，它可以正常工作。现在我已经进行了比较，但它无法在生产服务器上推送。看起来这个问题与SSH有关。

我已经搜索了很多，但我尝试的所有解决方案在我的情况下都没有起作用。我已经没有任何想法了，感觉这是某种软件错误......

我将非常感谢任何帮助。提前致谢！此致， Alex

- Alexander

可能是Getting permission denied (public key) on gitlab的重复问题。 - Muhammad Laraib Khan

7个回答

9

在搜索了很多后，我找到了这个方法。对我来说完美地解决了问题。

打开“Git Bash”，就像打开cmd一样。
输入ssh-keygen
按回车键。
它会询问您将密钥保存到特定目录。
按回车键。它会提示您输入密码或不带密码。
公钥将被创建到特定目录中。
现在进入该目录并打开.ssh文件夹。
您会看到一个名为id_rsa.pub的文件。在记事本中打开它。复制其中的所有文本。
进入https://gitlab.com/profile/keys。
将复制的文本粘贴到“key”文本框中。
现在单击下面的“Title”。它将自动填充。
然后单击“Add key”。

现在尝试一下，它肯定会起作用。

- Muhammad Laraib Khan

2

请不要在多个问题中添加相同的答案。请回答最好的一个，并将其余标记为重复。参见在几个问题上添加重复答案是否可接受？。 - FelixSFD

7

你好，我遇到了类似的问题（在新创建的用户中添加新的ssh密钥后）我通过重新生成已损坏的authorized_keys文件来解决了这个问题。

cd /home/git/gitlab

sudo -u git -H bundle exec rake gitlab:shell:setup RAILS_ENV=production
This will rebuild an authorized_keys file.
You will lose any data stored in authorized_keys file.
Do you want to continue (yes/no)? yes

- hithwen

谢谢您的回复！不幸的是，这对我没有用。所有的信息都是“在通道0上分配PTY请求失败”。 - Alexander

那我建议在 GitHub 上提交一个问题，他们往往会很快回答：https://github.com/gitlabhq/gitlabhq/issues?labels=Merge+requests&page=1&state=open - hithwen

Hithwen，非常感谢！我的问题现在也已经在GitHub上了 https://github.com/gitlabhq/gitlabhq/issues/6104 - Alexander

同样的问题，使用Turnkey Linux虚拟机。这个答案对我有用。在我的情况下，不需要手动触碰/home/git/repositories/.ssh/authorized_keys。 - Odj fourth

2

我曾回答过一个类似的问题，

为什么SSH连接到GitLab不能工作（而HTTP推送和克隆却可以正常工作）？

其中涉及将您的公钥添加到

/home/git/repositories/.ssh/authorized_keys

- robor

1

打开终端并生成公钥：

ssh-keygen -t rsa -C "yourmail@mail.com" -b 4096

前往系统中的SSH RSA文件夹：在Mac上，前往“前往文件夹”并键入以下地址：

~/.ssh

然后使用文本编辑器打开它并复制密钥。

然后转到GitLab设置SSH密钥并将其粘贴在这里https://gitlab.com/profile/keys/2346923。

然后再试一次。

git push -u origin master

- Farbod Aprin

0

在存储库中添加 .ssh 文件夹对我有用，所以我已经这样做了：

sudo -u git -H ln -s /home/git/.ssh /home/git/repositories/

现在所有用户都可以从GitLab网站添加密钥并使用SSH。

- Hélio

0

确保您本地已经存在一个SSH密钥对。

进入您的主目录，然后进入.ssh/子目录。如果.ssh/子目录不存在，则您要么不在主目录中，要么之前没有使用过ssh。

如果不存在，则需要在.ssh/子目录中生成SSH密钥对：

cd ~
cd .ssh/
ssh-keygen -t ed25519 -C "<comment>"

然后只需按Enter键即可完成。

- 无夜之星辰

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Tomer Ben David · Accepted Answer

尝试使用 https 而不是 ssh 地址进行推送，这可以避免很多麻烦。例如，请使用以下命令：

git remote add origin https://gitlab.com/someuser/algorithm-excercises.git

而不是：

git remote add origin git@gitlab.com:someuser/algorithm-excercises.git