我想在服务器上使用gitolite作为我的git文件夹。我用教程搜索了很多博客,但是没有找到一些与服务器连接正确的例子。
所以,我添加了一个新的用户gitolite,我创建了主目录/ home / gitolite。我在/ home / gitolite / bin上安装了gitolite,我使用ssh-key进行了设置。
在我的电脑上,我成功克隆了gitolite-admin并生成了新的ssh-keys(test,test.pub),它们保存在.ssh /:
honza@honza-sg:~$ ls .ssh/t*
.ssh/test .ssh/test.pub
next:将'test.pub'复制到keydir并修改gitolite.conf:
honza@honza-sg:~$ ls -l gitolite-admin/keydir/
-rw-rw-r-- 1 honza honza 396 bře 18 16:46 gitolite.pub
-rw-r--r-- 1 honza honza 396 bře 18 20:39 test.pub
honza@honza-sg:~$ cat gitolite-admin/conf/gitolite.conf
repo gitolite-admin
RW+ = gitolite
repo work
RW+ = test
我将此更改推送到服务器:
honza@honza-sg:~/gitolite-admin$ git add .
honza@honza-sg:~/gitolite-admin$ git commit -m 'add test user'
[master bff8df5] add test user
2 files changed, 2 insertions(+), 10 deletions(-)
create mode 100644 keydir/test.pub
honza@honza-sg:~/gitolite-admin$ git push
Counting objects: 10, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 774 bytes, done.
Total 6 (delta 1), reused 0 (delta 0)
remote: Initialized empty Git repository in /home/gitolite/repositories/work.git/
To gitbox:gitolite-admin
3102ec2..bff8df5 master -> master
我猜,这是一个正确的程序。现在,我需要克隆新的git存储库。在.ssh / config我有这个:
honza@honza-sg:~$ cat .ssh/config
Host gitbox
User gitolite
Hostname 192.168.1.10
Port 22
IdentityFile ~/.ssh/gitolite
Host gittest
User test
Hostname 192.168.1.10
Port 22
IdentityFile ~/.ssh/test
克隆命令:
honza@honza-sg:~/temp$ git clone gittest:work
问题出在这里:
Cloning into 'work'...
test@192.168.1.10's password:
Permission denied, please try again.
test@192.168.1.10's password:
Permission denied, please try again.
test@192.168.1.10's password:
Permission denied (publickey,password).
fatal: The remote end hung up unexpectedly
为什么要问我密码?当我生成密钥时,我没有插入密码(我只按了两次“输入”)。
感谢您的帮助,对不起我的英语:)
编辑:
ssh -vvvT gittest:
honza@honza-sg:~/temp$ ssh -vvvT gittest
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/honza/.ssh/config
debug1: /home/honza/.ssh/config line 6: Applying options for gittest
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.10 [192.168.1.10] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/honza/.ssh/test" as a RSA1 public key
debug1: identity file /home/honza/.ssh/test type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/honza/.ssh/test-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.10" from file "/home/honza/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/honza/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA d6:32:05:31:ea:3a:30:45:31:99:ca:90:b3:53:cb:75
debug3: load_hostkeys: loading entries for host "192.168.1.10" from file "/home/honza/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/honza/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.10' is known and matches the ECDSA host key.
debug1: Found key in /home/honza/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/honza/.ssh/test (0x7fa857d08e60)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/honza/.ssh/test
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
test@192.168.1.10's password:
答案 0 :(得分:2)
您仍然需要使用gitolite用户进行登录。 Gitolite将测试用户的密钥设置为授权密钥,并且它知道允许测试用户访问的内容。所以这个:
Host gittest
User test
Hostname 192.168.1.10
Port 22
IdentityFile ~/.ssh/test
应该是这样的:
Host gittest
User gitolite
Hostname 192.168.1.10
Port 22
IdentityFile ~/.ssh/test
答案 1 :(得分:0)
您可以查看ssh -vT gittest的结果,了解它为什么要求输入密码 请参阅“Unable to Git-push master to Github”
中的调试会话示例确保您在honza-sg
和gitolite服务器.ssh
目录上为ssh密钥提供了正确的保护。
请参阅“Git SSH authentication”:主要问题通常是.ssh
或其任何父目录上的可写组。