无法在 windows 上克隆,但可以从 Gitlab 服务器在 linux 上克隆
Can't clone on windows but can clone on linux from Gitlab server
我正在尝试通过 SSH 从远程 Gitlab 服务器克隆存储库。我正在使用 Gitlab CE version 9.3.9 755bb71 和 TortoiseGIT version 2.5.0 以及 git (for windows) version 2.14.0
SSH 密钥已正确安装,因为我已经使用
测试了身份验证
ssh -vT git@192.168.100.100 -i /path/to/.ssh/key
我收到以下消息,表示使用上述密钥验证成功
OpenSSH_7.5p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.100.100 [192.168.100.100] port 22.
debug1: Connection established.
debug1: identity file /path/to/.ssh/key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /path/to/.ssh/key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 192.168.100.100:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fEztD+bNxKRs24poXJMlP0GBAP6Q1dZT80OhQAtDQJE
debug1: Host '192.168.100.100' is known and matches the ECDSA host key.
debug1: Found key in /path/to/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /path/to/.ssh/key
debug1: Server accepts key: pkalg ssh-rsa blen 535
Enter passphrase for key '/path/to/.ssh/key':
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.100.100 ([192.168.100.100]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
Welcome to GitLab, John Doe!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3476, received 3264 bytes, in 2.2 seconds
Bytes per second: sent 1574.0, received 1478.0
debug1: Exit status 0
当我在 windows 上使用 TortoiseGit 克隆存储库时,客户端出现以下错误
Cloning into 'C:\path\folder'...
GitLab: Disallowed command
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
在 gitlab 服务器上,在 gitlab-shell.log 我收到以下警告消息
WARN -- : gitlab-shell: Attempt to execute disallowed command <git upload-pack '/path/to/repo.git'> by user with key key-1.
但是当我从另一台使用不同 SSH 密钥的 linux 机器尝试 git clone 时,它成功了,我在 gitlab 服务器 gitlab-shell.log 上收到以下信息消息
INFO -- : gitlab-shell: executing git command <gitaly-upload-pack {"repository":{"path":"/very/long/path/to/repo.git"},"gl_id":"key-2"}> for user with key key-2.
我花了 10 多个小时尝试调试所有内容,但我不确定有什么区别或问题到底出在哪里。我还尝试在我的本地 .gitconfig 文件中为 TortoiseGit 添加以下内容,但这并没有改变任何东西。
[remote "origin"]
uploadpack = git-upload-pack
最后,通过 HTTPS 克隆相同的存储库工作正常,使用用户名/密码没有任何问题。
注意:我刚刚为 Windows 升级到 Git 2.14.0... 并且 ssh url 的 none 正在工作:
> git ls-remote
GitLab: Disallowed command
fatal: Could not read from remote repository.
(origin 是一个 ssh url)
另一个副作用:git-for-windows/git issue 1258
fatal: protocol error: bad line length character: Not
It looks as if BitBucket looks at argv[0] (typically git-upload-pack, with the regression git) to determine whether it is a permitted command.
So I think it is by design that git is rejected while git-upload-pack is not.
Git实验室出现相同类型的错误:gitlab-ce issue 36028。
pending merge request 在检测到 git xxx 命令时显式恢复 git-xxx .
见gitlab_shell.rb#parse_cmd(args)
def parse_cmd(args)
# Handle Git for Windows 2.14 using "git upload-pack" instead of git-upload-pack
if args.length == 3 && args.first == 'git'
@command = "git-#{args[1]}"
args = [@command, args.last]
else
@command = args.first
end
Git Windows 方面,正在进行修复:see commit 0f33428
Revert "git_connect: prefer Git's builtins over dashed form"
It would appear that this change (which was intended to fix tests
interacting with local repositories when git-upload-pack was not in the
PATH) regresses on SSH access.
A Git for Windows 2.14.0(2) 正在制作中,并且刚刚发布(2017-08-07T11:05:34Z UTC)30 分钟前进行此编辑.
原回答
如果 key1 与您的 /path/to/.ssh/key 相同并且确实识别了 John Doe,那应该意味着 John Doe 无权访问该存储库 (as in here)。
检查 key2 是否与其他用户相关联。
如果两个键引用同一个用户,则更多是本地配置问题(如 this answer)。
还要检查您的 TortoiseGit 是否使用与测试中相同的密钥:
set "GIT_COMMAND_SSH=ssh -v"
# launch TortoiseGit from that CMD session
然后您将看到 TortoiseGit 在使用 ssh url 克隆存储库时使用的是什么。您可能需要 define an .ssh/config file.
两个 Bitbucket Server and Gogs 都遇到了类似的问题。
似乎 git 2.14.0(可能仅在 Windows 上)发生了一些变化,需要更新产品或修复 git。
我正在尝试通过 SSH 从远程 Gitlab 服务器克隆存储库。我正在使用 Gitlab CE version 9.3.9 755bb71 和 TortoiseGIT version 2.5.0 以及 git (for windows) version 2.14.0
SSH 密钥已正确安装,因为我已经使用
测试了身份验证ssh -vT git@192.168.100.100 -i /path/to/.ssh/key
我收到以下消息,表示使用上述密钥验证成功
OpenSSH_7.5p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.100.100 [192.168.100.100] port 22.
debug1: Connection established.
debug1: identity file /path/to/.ssh/key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /path/to/.ssh/key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 192.168.100.100:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fEztD+bNxKRs24poXJMlP0GBAP6Q1dZT80OhQAtDQJE
debug1: Host '192.168.100.100' is known and matches the ECDSA host key.
debug1: Found key in /path/to/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /path/to/.ssh/key
debug1: Server accepts key: pkalg ssh-rsa blen 535
Enter passphrase for key '/path/to/.ssh/key':
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.100.100 ([192.168.100.100]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
Welcome to GitLab, John Doe!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3476, received 3264 bytes, in 2.2 seconds
Bytes per second: sent 1574.0, received 1478.0
debug1: Exit status 0
当我在 windows 上使用 TortoiseGit 克隆存储库时,客户端出现以下错误
Cloning into 'C:\path\folder'...
GitLab: Disallowed command
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
在 gitlab 服务器上,在 gitlab-shell.log 我收到以下警告消息
WARN -- : gitlab-shell: Attempt to execute disallowed command <git upload-pack '/path/to/repo.git'> by user with key key-1.
但是当我从另一台使用不同 SSH 密钥的 linux 机器尝试 git clone 时,它成功了,我在 gitlab 服务器 gitlab-shell.log 上收到以下信息消息
INFO -- : gitlab-shell: executing git command <gitaly-upload-pack {"repository":{"path":"/very/long/path/to/repo.git"},"gl_id":"key-2"}> for user with key key-2.
我花了 10 多个小时尝试调试所有内容,但我不确定有什么区别或问题到底出在哪里。我还尝试在我的本地 .gitconfig 文件中为 TortoiseGit 添加以下内容,但这并没有改变任何东西。
[remote "origin"]
uploadpack = git-upload-pack
最后,通过 HTTPS 克隆相同的存储库工作正常,使用用户名/密码没有任何问题。
注意:我刚刚为 Windows 升级到 Git 2.14.0... 并且 ssh url 的 none 正在工作:
> git ls-remote
GitLab: Disallowed command
fatal: Could not read from remote repository.
(origin 是一个 ssh url)
另一个副作用:git-for-windows/git issue 1258
fatal: protocol error: bad line length character: Not
It looks as if BitBucket looks at
argv[0](typicallygit-upload-pack, with the regression git) to determine whether it is a permitted command.So I think it is by design that
gitis rejected whilegit-upload-packis not.
Git实验室出现相同类型的错误:gitlab-ce issue 36028。
pending merge request 在检测到 git xxx 命令时显式恢复 git-xxx .
见gitlab_shell.rb#parse_cmd(args)
def parse_cmd(args)
# Handle Git for Windows 2.14 using "git upload-pack" instead of git-upload-pack
if args.length == 3 && args.first == 'git'
@command = "git-#{args[1]}"
args = [@command, args.last]
else
@command = args.first
end
Git Windows 方面,正在进行修复:see commit 0f33428
Revert "git_connect: prefer Git's builtins over dashed form"
It would appear that this change (which was intended to fix tests interacting with local repositories when
git-upload-packwas not in thePATH) regresses on SSH access.
A Git for Windows 2.14.0(2) 正在制作中,并且刚刚发布(2017-08-07T11:05:34Z UTC)30 分钟前进行此编辑.
原回答
如果 key1 与您的 /path/to/.ssh/key 相同并且确实识别了 John Doe,那应该意味着 John Doe 无权访问该存储库 (as in here)。
检查 key2 是否与其他用户相关联。
如果两个键引用同一个用户,则更多是本地配置问题(如 this answer)。 还要检查您的 TortoiseGit 是否使用与测试中相同的密钥:
set "GIT_COMMAND_SSH=ssh -v"
# launch TortoiseGit from that CMD session
然后您将看到 TortoiseGit 在使用 ssh url 克隆存储库时使用的是什么。您可能需要 define an .ssh/config file.
两个 Bitbucket Server and Gogs 都遇到了类似的问题。
似乎 git 2.14.0(可能仅在 Windows 上)发生了一些变化,需要更新产品或修复 git。