克隆或推送时询问密码 - docker gitlab

时间:2017-12-11 18:27:28

标签: git docker ssh passwords gitlab

我刚安装了最新版本的gitlab和docker(https://hub.docker.com/r/gitlab/gitlab-ce/)并添加了我的ssh密钥,但是当我尝试推送这个docker gitlab时它仍然要求输入密码。

  

桌面系统:window10,osx

     

服务器系统:centos 7

     

docker git(最新版本):docker pull gitlab / gitlab-ce

以下是ssh -vt输出:

$ ssh -vt git@23.234.53.236
OpenSSH_7.3p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /c/Users/Nathan/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 23.234.53.236 [23.234.53.236] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Nathan/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Nathan/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 23.234.53.236:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:VgBduYKrMafvYg27PfLCXZmiA0vCAnz8obliVveAX+Y
debug1: Host '23.234.53.236' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/Nathan/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/Nathan/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /c/Users/Nathan/.ssh/id_dsa
debug1: Trying private key: /c/Users/Nathan/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/Nathan/.ssh/id_ed25519
debug1: Next authentication method: password
git@23.234.53.236's password:

3 个答案:

答案 0 :(得分:1)

这是问题&#34; Gitlab没有将SSH密钥添加到authorized_keys,因为升级&#34; 这是解决方案:

root@int-gitlab-01:~ # gitlab-rake gitlab:shell:setup This will rebuild an authorized_keys file. You will lose any data stored in authorized_keys file. Do you want to continue (yes/no)? yes .................................................. ........................

root@int-gitlab-01:~ # su - git Last login: Mon Jul 10 09:24:30 AEST 2017 on pts/0 git@int-gitlab-01:~ # ls -la .ssh/authorized_keys -rw-------. 1 git git 43286 Jul 10 13:36 .ssh/authorized_keys

答案 1 :(得分:0)

仔细检查:

  • 您确实将content of the public key/c/Users/Nathan/.ssh/id_rsa.pub)添加到您的GitLab SSH设置帐户页面(在一行中)
  • (如果您可以访问服务器)23.234.53.236:~/git/.ssh/authorized_keys也包含该公钥。

答案 2 :(得分:0)

我刚刚在更新的版本上遇到了相同的症状,原因不同:

最新版本成功更新authorized_keys,您可以通过

确认所有内容都已正确设置
ssh -p [port_here] git@[ip_or_host_here]

(这应该连接而不需要密码但随后立即将你踢出去,因为git用户没有shell访问权限。如果要求输入密码,你需要检查你是否在GitLab上正确安装了你的公钥用户界面以及您在本地计算机上设置了私钥)

如果该命令有效,但克隆要求输入密码,这里有一个可行的解决方案对我有用:

  1. 必须才能连接到正确的主机。使用IP不会起作用。例如,如果您使用默认gitlab.example.com,则将gitlab.example.com 127.0.0.1添加到本地主机文件中。
  2. 如果您尝试使用除22之外的任何端口进行克隆,则需要修补文件:

    1. 在gitlab框中,打开/etc/gitlab/gitlab.rb(例如在vi
    2. 搜索ssh_port。你应该找到这样的一行:

      # gitlab_rails['gitlab_shell_ssh_port'] = 22

    3. 取消注释该行并将22更改为您正在使用的端口

    4. 保存此文件,然后重启docker镜像(我重新启动它,虽然我不确定是否需要)
  3. 如果主机或端口不匹配,它将无法检查您的SSH密钥,并将回退到密码安全性。我确定还有很多其他问题可能是错的,但对我而言,这两个问题的组合似乎并未在其他地方得到解释。

    您可以找到更多讨论以及其他可能的原因on this GitLab issuethis docker-gitlab issue