Fedora / GitLab SSH отклонен, помогите понять подробные журналы - PullRequest
Новая
       22

Fedora / GitLab SSH отклонен, помогите понять подробные журналы

0 голосов
/ 20 ноября 2018

Мое ssh-соединение с gitlab не работает на моей коробке fedora 28, без запроса пароля.Это мешает мне успешно запускать необходимые команды git.Я тщательно исследовал это в SO и Googs, но, похоже, ничто из того, что я нашел, не работает для моей проблемы, что более важно, помогает объяснить различные разделы журнала 'vvv'.

Настройка

Selinux = отключено

Каталог SSH: /home/justin/.ssh 

    drwx------   2 justin   root  4096 Nov 19 22:16  .ssh

Шаг 1) Создайте ключи: ssh-keygen -t rsa -b 4096 -C "j.r.schwimmer@domain.com"

Я принимаю местоположение по умолчанию и затем ввожу парольную фразу, создавая: 

    -rw------- 1 justin root 3326 Nov 19 22:16 id_rsa

    -rw-r--r-- 1 justin root  749 Nov 19 22:16 id_rsa.pub

Шаг 2) Получите содержимое файла id_rsa.pub и добавьте ключ в раздел Gitlabs SSH, убедившись, что открытый ключ весь введен в форму Gitlabs.

Шаг3) Убедитесь, что ssh-agent запущен: eval "$(ssh-agent -s)"

Шаг 4) Добавьте закрытый ключ: ssh-add /home/justin/.ssh/id_rsa

Шаг 5) Запустите команду ssh: ssh -vvvT justin@gitlab.domainname.net Подтверждение того, что соединение должно создать известный файл hosts

Шаг 6) Плакать, увидев:justin@gitlab.domainname.net: Permission denied (publickey)

Подробный журнал (vvv)

Загружает настройки конфигурации, включая те, которые находятся в gitlab.conf: 

OpenSSH_7.7p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/gitlab.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/gitlab.conf

Устанавливает соединение: 

debug2: resolving "gitlab.domainname.net" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to gitlab.domainname.net [17.17.17.17] port 22.
debug1: Connection established.

Раздел Identity File ... (Не уверен, что он делает?) 

debug1: identity file /home/justin/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/justin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/justin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
            ...checking others
debug1: identity file /home/justin/.ssh/id_xmss-cert type -1

Больше журналов, которые связаны с рукопожатием (я думаю?) / known_hosts setup: 

debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to gitlab.domainname.net:22 as 'justin'
debug3: hostkeys_foreach: reading file "/home/justin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/justin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from gitlab.domainname.net
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31

Проверка известного хоста: 

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:hyO5F3tsdf34PQGAYYhmoGW5J/leBnC0hj3IoE1F68
debug3: hostkeys_foreach: reading file "/home/justin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/justin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from gitlab.domainname.net
debug3: hostkeys_foreach: reading file "/home/justin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/justin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 17.17.17.17
debug1: Host 'gitlab.domainname.net' is known and matches the ECDSA host key.
debug1: Found key in /home/justin/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0

Окончательная проверка подлинности: 

debug1: rekey after 4294967296 blocks
debug2: key: /home/justin/.ssh/id_rsa (0x55d580f2caf0), agent
debug2: key: /home/justin/.ssh/id_dsa ((nil))
debug2: key: /home/justin/.ssh/id_ecdsa ((nil))
debug2: key: /home/justin/.ssh/id_ed25519 ((nil))
debug2: key: /home/justin/.ssh/id_xmss ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:xbGUrKDgYhF34QYM1s20flfoVcjegZpbMwDDbpTmF1c /home/justin/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51

(A) Отвечает ли раздел авторизации ниже за общий сбой? (B) Кажется, что после успешной попытки id_rsa пытается загрузить каждый тип ключа, это правильно? 

debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/justin/.ssh/id_dsa
debug3: no such identity: /home/justin/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_ecdsa
debug3: no such identity: /home/justin/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_ed25519
debug3: no such identity: /home/justin/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_xmss
debug3: no such identity: /home/justin/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
justin@gitlab.domainname.net: Permission denied (publickey).

Неудачные тесты

  • I 'я пытался настроить все это как пользователь root ... не удалось
  • изменить владельца файлов ключей, группы и разрешения ... не удалось
  • я пробовал ключи разных типов (id_ecdsa) ... fail

  • Я попытался добавить файл конфигурации в /etc/ssh/ssh_config.d/, который содержал следующее: 

    Host gitlab.com
   StrictHostKeyChecking no
   LogLevel VERBOSE

Дополнительные вопросы

(C) debug1: identity file /home/justin/.ssh/id_rsa type 0: строка в «разделе файла идентификации», это значение 0 должно быть 2?Что означает это значение, количество найденных файлов ключей для каждого типа?

(D) Я не могу найти файл auth.log (или какой-либо протокол для ssh)в пределах: /var/log/, почему это может быть или как я могу это исправить (Fedora 28)?

Спасибо за ваше время!

ОБНОВЛЕНО: подробный журнал (vvvv) 

OpenSSH_7.7p1, OpenSSL 1.1.0h-fips  27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/gitlab.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/gitlab.conf
debug1: /etc/ssh/ssh_config.d/gitlab.conf line 2: Applying options for gitlab.domainname.net
debug2: resolving "gitlab.domainname.net" port 22
debug2: ssh_connect_direct: needpriv 0                                                                                                
debug1: Connecting to gitlab.domainname.net [17.17.17.17] port 22.                                                                     
debug1: Connection established.                                                                                                       
debug1: identity file /home/justin/.ssh/id_rsa type 0                                                                                 
debug1: key_load_public: No such file or directory                                                                                    
debug1: identity file /home/justin/.ssh/id_rsa-cert type -1                                                                           
debug1: Local version string SSH-2.0-OpenSSH_7.7                                                                                      
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.1                                          
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000                                                         
debug2: fd 3 setting O_NONBLOCK                                                                                                       
debug1: Authenticating to gitlab.domainname.net:22 as 'justin'                                                                           
debug3: hostkeys_foreach: reading file "/home/justin/.ssh/known_hosts"                                                                
debug3: record_hostkey: found key type ECDSA in file /home/justin/.ssh/known_hosts:1                                                  
debug3: load_hostkeys: loaded 1 keys from gitlab.domainname.net                                                                          
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521                                       
debug3: send packet: type 20                                                                                                          
debug1: SSH2_MSG_KEXINIT sent                                                                                                         
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:hyO5F3t2OPc2nPQGAYYhmoGW5J/leBnC0hj3IoE1F68
debug3: hostkeys_foreach: reading file "/home/justin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/justin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from gitlab.domainname.net
debug3: hostkeys_foreach: reading file "/home/justin/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/justin/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 17.17.17.17
debug1: Host 'gitlab.domainname.net' is known and matches the ECDSA host key.
debug1: Found key in /home/justin/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/justin/.ssh/id_rsa (0x55568d375a80), agent
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:xbGUrKDgYhF34QYM1s20flfoVcjegZpbMwDDbpTmF1c /home/justin/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
justin@gitlab.domainname.net: Permission denied (publickey).

1 Ответ

0 голосов
/ 24 ноября 2018

ваша папка ssh и ключ ssh выглядят хорошо , просто запустите ssh-add -l, чтобы увидеть вашу личность, затем ничего не запустите ssh-add, он настроит ключи сам, так как он установлен в каталог по умолчанию .ssh иидентифицируйте вашу личность

Используйте git имя пользователя для ssh вместо вашего имени пользователя на экземпляре Gitlab.Измените свой конфигурационный файл на этот 

    User git
       Host gitlab.com gitlab.domainname.net
       IdentityFile ~/.ssh/id_rsa
       TCPKeepAlive yes
       IdentitiesOnly yes
       LogLevel VERBOSE

, добавьте свой ключ ssh в https://gitlab.com/profile/keys и, если вы самостоятельно размещены, найдите его в меню настроек профиля.

попробуйте запустить ssh -vvvv git@gitlab.com чтобы узнать, подхватывает ли он ключ SSH.(Не используйте sudo)

Это правильный шаг, как показано выше.Ниже ваш QA

A: Ваш ключ RSA не успешно прочитан 

debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:xbGUrKDgYhF34QYM1s20flfoVcjegZpbMwDDbpTmF1c /home/justin/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51

Как я вижу, клиент ssh не может найти отдельный открытый ключ debug1: файл идентификации / home /justin / .ssh / id_rsa тип 0 debug1: key_load_public: нет такого файла или каталога

B: но ключ RSA не работает (последняя строка).поэтому он пытается загрузить ключи других типов, но их не существует, в любом случае нам просто нужен один рабочий ключ. 

debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/justin/.ssh/id_dsa
debug3: no such identity: /home/justin/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_ecdsa
debug3: no such identity: /home/justin/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_ed25519
debug3: no such identity: /home/justin/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/justin/.ssh/id_xmss
debug3: no such identity: /home/justin/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.

Перепроверьте свой статус SELINUX.Grep "отказано" в ключевом слове из журнала аудита.Нет необходимости отключать / изменять SELINUX, если заблокирован, попытаться исправить с помощью restorecon -Rv ~/.ssh

Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.

Похожие темы

...