Gogs throws a "Permission denied" error when I delete the public key file from the client

I just installed Gogs (Go Git Server) on a Raspberry Pi3 using the official gogs/gogs-rpi docker image, which I run as suggested:

docker run --name=gogs -p 10022:22 -p 10080:3000 -v /var/gogs:/data gogs/gogs-rpi

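I used my laptop to register an admin user through the Gogs web interface and added a public key to that account. I can now clone git repositories from the Pi to my laptop with the following command: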

git clone ssh://git@192.168.178.50:10022/peter/my_repo.git

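I entered the passphrase and it worked fine.

Now the strange thing... When I delete the public key file (id_rsa_gogs.pub) from my laptop and run the above command again, I get an 'access denied' error.

Does anyone know what that is about? I have already registered the public key in Gogs. Why do I need a copy of the public key on the client machine? I have never heard of a case where the public key needs to stay on the client.

Update

If I rm the .pub key file and run ssh -Tv git@192.168.178.50 -p 10022 -i /home/peter/.ssh/id_rsa_gogs I get this: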

OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/peter/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.178.50 [192.168.178.50] port 10022.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_rsa_gogs type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_rsa_gogs-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.178.50:10022 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:[REMOVED]
debug1: Host '[192.168.178.50]:10022' is known and matches the ECDSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:18
debug1: rekey after [REMOVED] blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after [REMOVED] blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/peter/.ssh/id_rsa_gogs
Enter passphrase for key '/home/peter/.ssh/id_rsa_gogs': 
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.178.50 ([192.168.178.50]:10022).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Sending environment.
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_NAME = de_DE.UTF-8
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
Hi there, You've successfully authenticated, but Gogs does not provide shell access.
If this is unexpected, please log in with password and setup Gogs under another user.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3268, received 3096 bytes, in 0.2 seconds
Bytes per second: sent 15416.0, received 14604.6
debug1: Exit status 0

If I run ssh -Tv git@192.168.178.10 -p 10022 (without specifying the key file directly) it seems to fail:

OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/peter/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.178.50 [192.168.178.50] port 10022.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat [REMOVED]
debug1: Authenticating to 192.168.178.50:10022 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:[REMOVED]
debug1: Host '[192.168.178.50]:10022' is known and matches the ECDSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:[REMOVED]
debug1: rekey after [REMOVED] blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after [REMOVED] blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/peter/.ssh/id_rsa
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug1: Trying private key: /home/peter/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

Check also if the same issue is seen when registering and using an ssh key without any passphrase.

The result is the same without a passphrase.

I don't know if it matters, but I have this in my ~/.ssh/config for Gogs:

Host 192.168.178.50:10022
    HostName 192.168.178.50:10022
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter

Try ssh -Tv git@192.168.178.50 -p 10022 -i /home/peter/.ssh/id_rsa_gogs to see what actually causes the error.

Also check whether the same issue is seen when registering and using an ssh key without any passphrase. (Although public keys don't have the passphrase

Host 192.168.178.50:10022
    HostName 192.168.178.50:10022
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter

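ssh does not accept a port number as part of the Host or Hostname options here. So it did not recognize that the entry should apply to your connection attempt, and it did not apply the identity file or the user.

If you just need to match on the IP address, this should work: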

Host 192.168.178.50
    Port 10022
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter

If you really need to match on the port, this should work:

Match host 192.168.178.50 exec "test %p = 10022"
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter

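This runs the test command to test the port value. "%p" will be replaced with the port value that ssh would use at this point (the default of 22 or the value from the command line). test is also known as [; it is a command-line utility mostly used in shell scripts as part of an if statement.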
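
To check which entry ssh actually applies without opening a connection, `ssh -G` prints the resolved client configuration. The script below is an added example, not part of the original answer; it assumes an OpenSSH client that supports `-G` (6.8 or later) and feeds it the three config variants quoted above as constructed sample input.

```shell
#!/bin/sh
# Added example: the config texts below are constructed from the entries on this page.

# Print the IdentityFile values ssh would use for the given config text when
# asked for git@192.168.178.50 on port 10022. No connection is made.
effective_identity() {
    cfg=$(mktemp) || return 1
    printf '%s\n' "$1" > "$cfg"
    # -G: print the resolved configuration and exit; -F: read only this file
    ssh -G -F "$cfg" -p 10022 git@192.168.178.50 2>/dev/null |
        awk '$1 == "identityfile" { print $2 }'
    rm -f "$cfg"
}

# Succeeds only if the Gogs key was selected by the config.
uses_gogs_key() {
    effective_identity "$1" | grep -q 'id_rsa_gogs$'
}

# Port inside the Host pattern: never matches the host name "192.168.178.50".
BROKEN='Host 192.168.178.50:10022
    HostName 192.168.178.50:10022
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter'

# Match on the address only, port set as its own option.
BY_HOST='Host 192.168.178.50
    Port 10022
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter'

# Match on address and port via an external test command.
BY_PORT='Match host 192.168.178.50 exec "test %p = 10022"
    IdentityFile ~/.ssh/id_rsa_gogs
    User Peter'

for name in BROKEN BY_HOST BY_PORT; do
    eval "text=\$$name"
    if uses_gogs_key "$text"; then
        echo "$name: id_rsa_gogs applied"
    else
        echo "$name: id_rsa_gogs NOT applied (default identities only)"
    fi
done
```

With the broken entry, the output lists only the default identity files (id_rsa, id_dsa, ...), which are the same files the failing debug log above reports trying.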