英文:
How to properly git clone with public key from gitlab?
问题
我在我们本地的Gitlab实例上有一个gitlab项目,并且我的帐户已配置为具有公钥。
奇怪的是,当我尝试从客户端主机“git clone (...)"一个我有正确权限的项目时,gitlab会要求输入密码,即使应该选择我的SSH密钥,而不管客户端SSH配置文件中配置了什么。
git命令
git clone git@my_host.tld:username/project.git
正在克隆到 'project'...
git@my_host.tld's password:
~/.ssh/config
Host my_host.tld
Hostname my_host.tld
IdentityFile /root/.ssh/gitlab_key
Preferredauthentications publickey
当我尝试使用常规命令进行SSH时,它可以工作:
ssh命令
ssh -vT -i .ssh/my_host.tld
debug1: 下一个身份验证方法:publickey
debug1: 提供RSA公钥:.ssh/gitlab_key
debug1: 服务器接受密钥:pkalg rsa-sha2-512 blen 535
debug1: 身份验证成功(公钥)。
已验证到 my_host.tld ([XX.XX.XX.XX]:22)。
debug1: 通道 0: new [client-session]
debug1: 请求 no-more-sessions@openssh.com
debug1: 进入交互式会话。
debug1: 承诺:网络
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: 强制命令。
debug1: Remote: 禁用端口转发。
debug1: Remote: 禁用X11转发。
debug1: Remote: 禁用代理转发。
debug1: Remote: 禁用PTY分配。
debug1: Remote: 强制命令。
debug1: Remote: 禁用端口转发。
debug1: Remote: 禁用X11转发。
debug1: Remote: 禁用代理转发。
debug1: Remote: 禁用PTY分配。
debug1: 发送环境。
debug1: 发送 env LANG = xx_X.UTF-8
欢迎来到GitLab,@username!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
已传输:已发送 3600,已接收 3464 字节,在 0.5 秒内
每秒字节:已发送 6808.3,已接收 6551.1
debug1: 退出状态 0
我漏掉了什么?如何让git选择我的SSH密钥而不是密码身份验证方法?
英文:
I have a gitlab projet on our local Gitlab instance configured and my account is set with a public key.
Strangely when I try to "git clone (...)" a project for which I have the correct permission from a client host, gitlab asks for a password even if it should pick my SSH key, no matter what is configured in my client SSH config file.
git command
git clone git@my_host.tld:username/project.git
Cloning into 'project'...
git@my_host.tld's password:
~/.ssh/config
Host my_host.tld
Hostname my_host.tld
IdentityFile /root/.ssh/gitlab_key
Preferredauthentications publickey
When I try to ssh using a regular command, it works:
ssh command
ssh -vT -i .ssh/my_host.tld
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/gitlab_key
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to my_host.tld ([XX.XX.XX.XX]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Sending environment.
debug1: Sending env LANG = xx_X.UTF-8
Welcome to GitLab, @username!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3600, received 3464 bytes, in 0.5 seconds
Bytes per second: sent 6808.3, received 6551.1
debug1: Exit status 0
What have I missed? How to make git pick my SSH key instead of the password authentication method?
答案1
得分: 1
扩展我的评论为答案:
您在发布的~/.ssh/config中指定了/root/.ssh/gitlab_key。用户~/.ssh文件夹应该仅具有0700模式;这意味着只有该用户可以访问文件夹或其任何内容。我在这里假设您是以自己的身份运行此命令,而不是以root身份,因为您不应该将root用于日常工作。
至少,您需要更新您的~/.ssh/config以引用您自己的密钥 - 与您的ssh -Tv命令一起使用的密钥:
Host my_host.tld
IdentityFile ~/.ssh/my_host.tld
英文:
Expanding my comment to an answer:
You're specifying /root/.ssh/gitlab_key in the posted ~/.ssh/config. User ~/.ssh folders should only have mode 0700; this means that only that user can access the folder or any of its contents. I'm presuming here that you're running this command as yourself, and not as root, because you shouldn't use root for day-to-day work.
At minimum, you'll need to update your ~/.ssh/config to reference your own key - the one that your ssh -Tv command worked with:
Host my_host.tld
IdentityFile ~/.ssh/my_host.tld
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论