logo标签列表

Gitlab在为git用户推送时提示输入密码

gitsshgitlabgit-shell
39

我在我的Linode服务器上安装了GitLab。所有GitLab的服务都非常出色。我能够登录、创建用户、仓库等等。 但是我遇到的问题是,当我尝试推送一个仓库时,它会提示输入git用户的密码:

git@gitlab.myserver.com's password

我已按照以下链接的说明安装了GitLab:https://github.com/gitlabhq/gitlabhq/blob/master/doc/install/installation.md,并使用在安装指南中提到的以下命令禁用了名为 git 的用户的登录:

sudo adduser --disabled-login --gecos 'GitLab' git

我正在使用 GitLab 版本 6。可能出了什么问题?

运行 ssh -Tvvv git@gitlab.myserver.com 的输出如下:

OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.myserver.com [MY_IP] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/swaroop/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/swaroop/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/swaroop/.ssh/id_rsa-cert type -1
debug1: identity file /home/swaroop/.ssh/id_dsa type -1
debug1: identity file /home/swaroop/.ssh/id_dsa-cert type -1
debug1: identity file /home/swaroop/.ssh/id_ecdsa type -1
debug1: identity file /home/swaroop/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "gitlab.myserver.com" from file "/home/swaroop/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/swaroop/.ssh/known_hosts:92
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 92:57:61:35:b1:e2:16:3b:7f:ae:e7:8a:dc:0c:98:83
debug3: load_hostkeys: loading entries for host "gitlab.myserver.com" from file "/home/swaroop/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/swaroop/.ssh/known_hosts:92
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "MY_IP" from file "/home/swaroop/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/swaroop/.ssh/known_hosts:93
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'gitlab.myserver.com' is known and matches the ECDSA host key.
debug1: Found key in /home/swaroop/.ssh/known_hosts:92
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/swaroop/.ssh/id_rsa (0x7fd470589410)
debug2: key: /home/swaroop/.ssh/id_dsa ((nil))
debug2: key: /home/swaroop/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/swaroop/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/swaroop/.ssh/id_dsa
debug3: no such identity: /home/swaroop/.ssh/id_dsa
debug1: Trying private key: /home/swaroop/.ssh/id_ecdsa
debug3: no such identity: /home/swaroop/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git@gitlab.myserver.com's password:

当我运行以下命令时,输出如下:rvmsudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

System information
System:     Ubuntu 12.04
Current User:   git
Using RVM:  yes
RVM Version:    1.22.3
Ruby Version:   2.0.0p247
Gem Version:    2.0.7
Bundler Version:1.3.5
Rake Version:   10.1.0

GitLab information
Version:    6.0.0
Revision:   6c1c284
Directory:  /home/git/gitlab
DB Adapter: mysql2
URL:        http://gitlab.myserver.com
HTTP Clone URL: http://gitlab.myserver.com/some-project.git
SSH Clone URL:  git@gitlab.myserver.com:some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version:    1.7.0
Repositories:   /home/git/repositories/
Hooks:      /home/git/gitlab-shell/hooks/
Git:        /usr/bin/git
可能是重复的问题:GitLab需要git@localhost密码才能推送到仓库 - Ciro Santilli OurBigBook.com
8个回答
20

我曾经遇到过同样的问题,但原因是我的服务器只接受"sshusers"用户进行ssh登录。

/etc/ssh/sshd_config文件中,我有以下这一行:

AllowGroups sshusers

为了解决这个问题,我将git添加到sshusers组中:

$ sudo adduser git sshusers

然后它就可以工作了。

1
我甚至没有一个名叫git的用户。 - Marian Klühspies
@Nachbar90:你应该这么做,这是安装过程的一部分。 - Kgaut
3
我在/etc/ssh/sshd_config中没有找到AllowGroups,但有AllowUsers,我只是将git添加到列表中,然后一切都正常了!感谢您给我正确的指引! - JDWardle
16

这应该只意味着:

  • 要么公共SSH密钥在用户帐户中注册不正确

https://intranet.5amsolutions.com/download/attachments/24610136/Git3.png?version=1&modificationDate=1349371375213

  • 和/或公共/私有SSH密钥无法从用户帐户访问(~/.ssh受到错误保护,名称与id_rsa, id_rsa.pub不匹配,不正确的~/.ssh/config文件等)。 例如见 "Git SSH身份验证"。

OP swaroopsm评论:

我通过重新安装服务器上的gitlab解决了问题。现在一切都好了。

4
请确认本地保护问题。你能否在客户端的命令行中成功执行简单的“ssh -T git@gitlab.myserver.com”命令?如果不能,请检查“ssh -Tvvv git@gitlab.myserver.com”的输出结果。 - VonC
@swaroopsm 你确定你有一个 /home/swaroop/.ssh/id_rsa 文件吗?并且它有正确的保护措施吗?你的公钥是否在 gitlab 服务器的 ~git/.ssh/authorized_keys 中可见? - VonC
我有一个id_rsa.pub,因为我在将代码推送到GitHub时没有问题。但是我无法将其推送到我的服务器上。在我的服务器上,/home/git/.ssh需要什么文件权限? - swaroopsm
不,我在~git/.ssh.authorized_keys中看不到我的公钥。 - swaroopsm
1
我重新生成了我的ssh密钥,使用ssh-keygen命令,并将其重新添加到Gitlab设置中; 这已经生效。 - Nate Anderson
显示剩余18条评论
9

当我使用HTTP URL设置远程仓库时,我遇到了类似的问题。

我将其更改为使用SSH URL,并且它正常工作:

git remote set-url gitlab git@gitlab.devekko.net:niccolox/cirm-website.git
我和楼主遇到了同样的问题。我在RHEL和Mac OS上都使用http URL。在Mac OS上,它没有要求密码。但是在RHEL上,它要求密码。所以,按照建议更改如下命令可以解决问题:git remote set-url origin <new git@ url> https://<old https url> - D. Woods
8
在我的情况下,我需要使用ssh添加远程仓库,如下所示:
git remote add gitlab ssh://git@your.project:222/git/repo_name.git

这使得git不再要求我输入密码。请注意使用ssh://port=222

那是我的问题,忘记改端口了 :\ - JustADev
6
在启用SELinux的系统上,不应像某些答案中建议的那样禁用SELinux。为了遵循SELinux的限制(如果它们是密码提示的原因;请检查您的/var/log/audit/audit.log),更改gitlab的安全上下文。
chcon -t user_home_dir_t /var/opt/gitlab/
chcon -t ssh_home_t /var/opt/gitlab/.ssh/
chcon -t ssh_home_t /var/opt/gitlab/.ssh/authorized_keys

(如建议在GitLab小组中

请注意,chcon仅是临时的,不会在重新标记或恢复上生效。 - Andy Fraley
1
为了正确解决selinux问题,请使用以下方法。请注意,chcon只是暂时的,并且在重新标记或restorecon后将无法保存,因此您应该使用semanage。
semanage fcontext -a -t user_home_dir_t "/var/opt/gitlab(/.*)?"
semanage fcontext -a -t ssh_home_t "/var/opt/gitlab/.ssh(/.*)?"
restorecon -rv /var/opt/gitlab
0

我尝试了很多选项,但都没有成功。 唯一解决我的方法是osxkeychain helper

在这里查看教程here

这个教程来自github,但对于gitlab也非常有效。

-6
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接