How to properly git clone with public key from gitlab?

Question


I have a gitlab project on our local Gitlab instance configured and my account is set with a public key.

Strangely when I try to "git clone (...)" a project for which I have the correct permission from a client host, gitlab asks for a password even if it should pick my SSH key, no matter what is configured in my client SSH config file.

git command

git clone git@my_host.tld:username/project.git
Cloning into 'project'...
git@my_host.tld's password:

~/.ssh/config

Host my_host.tld
        Hostname my_host.tld
        IdentityFile /root/.ssh/gitlab_key
        Preferredauthentications publickey

When I try to ssh using a regular command, it works:

ssh command

ssh -vT -i .ssh/my_host.tld

debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/gitlab_key
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to my_host.tld ([XX.XX.XX.XX]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Sending environment.
debug1: Sending env LANG = xx_X.UTF-8
Welcome to GitLab, @username!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3600, received 3464 bytes, in 0.5 seconds
Bytes per second: sent 6808.3, received 6551.1
debug1: Exit status 0

What have I missed? How to make git pick my SSH key instead of the password authentication method?

Answer 1

Score: 1


Expanding my comment to an answer:

You're specifying /root/.ssh/gitlab_key in the posted ~/.ssh/config. User ~/.ssh folders should only have mode 0700; this means that only that user can access the folder or any of its contents. I'm presuming here that you're running this command as yourself, and not as root, because you shouldn't use root for day-to-day work.

At minimum, you'll need to update your ~/.ssh/config to reference your own key - the one that your ssh -Tv command worked with:

Host my_host.tld
  IdentityFile ~/.ssh/my_host.tld
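
An added example, not part of the original answer: git runs ssh as whichever user invokes it, so a quick way to check the point above is to ask OpenSSH which identity files it resolves for the host (`ssh -G`) and test each one as the current user. The function name `check_identity_files` is hypothetical.

```shell
#!/bin/sh
# Reads `ssh -G <host>` output on stdin and prints one "STATUS path" line for
# every identityfile entry, judged from the point of view of the current user.
# Returns 0 if at least one key file is usable, 1 otherwise.
check_identity_files() {
    usable=1
    while read -r key value; do
        [ "$key" = "identityfile" ] || continue
        # ssh -G may print a leading "~/" unexpanded; expand it here.
        case "$value" in
            "~/"*) path="$HOME/${value#\~/}" ;;
            *)     path="$value" ;;
        esac
        if [ ! -r "$path" ]; then
            # Covers a missing file and a key behind a directory this user
            # cannot enter, such as /root/.ssh (mode 0700) for a non-root user.
            echo "UNREADABLE $path"
            continue
        fi
        # Columns 5-10 of the mode string are the group and other bits.
        perms=$(ls -ldL "$path" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            # ssh ignores private keys that group or others can access.
            echo "TOO_OPEN $path"
        else
            echo "OK $path"
            usable=0
        fi
    done
    return "$usable"
}

# When a host name is given as the first argument, check that host.
# Example: sh check_keys.sh my_host.tld
if [ "$#" -gt 0 ]; then
    ssh -G "$1" | check_identity_files
fi
```

Run it as the same user that runs `git clone`; if every line is UNREADABLE or TOO_OPEN, ssh has no key to offer and falls through to the password prompt.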

huangapple
  • Posted on April 6, 2023, 21:11:18
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75949925.html