I can't connect to gitlab via SSH, why?

H

hottab_12020-05-20 11:50:54

linux

hottab_1, 2020-05-20 11:50:54

Good afternoon!
There is a gitlab deployed on its server, it works successfully, projects are uploaded, everything is created, the web interface also works.
Previously, it was not so often necessary to upload projects, since there were almost no edits, so when uploading to gitlab, they simply entered a username and password.
Now there is a need for frequent commits, and entering a username and password is often not very convenient.
I decided to set up authorization via SSH key.

For cleanliness, I deleted everything from the .ssh folder and did everything from scratch.
I do the following algorithm:

I create a key with the following command: ssh-keygen -t rsa -f ~/.ssh/gitlab
I copy the data from the gitlab.pub file and paste it into gitlab, the key is successfully added
Trying to clone a project asks for a password, tried to enter a password from my user - the password is not correct

The ssh -v [email protected] command produces the following:

Command ssh -v [email protected]

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/kramdmitriy/.ssh/config
debug1: /home/kramdmitriy/.ssh/config line 1: Applying options for gitlab.iso-team.ru
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to gitlab.iso-team.ru [45.80.69.169] port 22.
debug1: Connection established.
debug1: identity file /home/kramdmitriy/.ssh/gitlab type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/kramdmitriy/.ssh/gitlab-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to gitlab.iso-team.ru:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: compression: none
debug1: kex: client->server cipher: [email protected] MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:jn3djC8AvaKRIeHzBy4wFFu1pl7TKuMDEwbreaZ5Qbs
debug1: Host 'gitlab.iso-team.ru' is known and matches the ECDSA host key.
debug1: Found key in /home/kramdmitriy/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:7rdux0TUfos0dlwQomw4RxqaJfxIbT4YmtcTfSFhIak /home/kramdmitriy/.ssh/gitlab
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

H

hottab_1, 2020-05-21
@hottab_1

Thank you all for your help, every piece of advice has definitely helped.
The solution was, as always, on the surface.
The thing was that the sshd_config file on the server , which is located at the following path: /etc/ssh in the AllowUsers line contained only one available user, added a git user under which authorization takes place and everything began to work.
The line AllowUsers after making changes began to look like this: I
AllowUsers youruser git
describe the algorithm in more detail, in case someone encounters such a problem.

Open the sshd_config file on the server located at the following path /etc/ssh
We are looking for the line AllowUsers, most likely your user will be registered there, under which authorization via SSH usually occurs. We add the git user separated by a space and the line turns out like this: AllowUsers youruser git
Save the changes
Restart sshd with the command: sudo /etc/init.d/ssh restart
We get the key for Gitlab, a lot of places describe how to do it, I did it as follows:
Enter the command on the local machine with which you will work:
ssh-keygen -t rsa -f ~/.ssh/gitlab
Then go to the .ssh folder and copy the key from the gitlab.pub file, go to the gitlab web interface and, logging in as the desired user, add the key to it.
Now let's create a config file on the local machine in the .ssh folder, it is needed to specify which key to use for which connection, since we also connect to the server via SSH.
This file has the following content:
```
Host 45.80.69.169
    IdentityFile /home/kramdmitriy/.ssh/id_rsa
    port 22
Host gitlab.iso-team.ru
    IdentityFile /home/kramdmitriy/.ssh/gitlab
    port 22
```
The first key is the key for the server, the second for the gitlab.
Save the file and try to connect to gitlab via SSH

V

Valentine, 2020-05-21
@ProFfeSsoRr

Look, you have a machine running gitlab. And there is an ssh server on this machine. And you get into it. And you need to get into the ssh server of the gitlab itself, which knows about your git projects. The easiest way is to move the machine's ssh server to a non-standard port.

D

Dmitry, 2020-05-20
@hempy80

The system user and the gitlab user are two different users. Instruction

S

Sergey Ch, 2020-05-20
@ZooMik

Run this command on the machine from which you plan to connect, under your account from under which you work on the same machine:
ssh-keygen -t rsa -f ~/.ssh/gitlab
Then copy the key to the server where the gitlab is deployed using the command:

ssh-copy-id  -i ~/.ssh/gitlab.pub [email protected]

It will ask you to enter the password from the git user on the gitlab server.
After that, it
ssh [email protected]
should work without a password. If you asked for it.