Gitlab not working with SSH Keys

ssh git gitlab

75,550

Solution 1

Providing that you have loaded your private key on your client, then it sounds like this might be a permissions issue on the 'git' user home directory and .ssh directory.

Please try changing your /home/git directory to a mask of 0711:

chmod 0711 /home/git

Ensure the /home/git/.ssh directory has a mask of 0700:

chmod 0700 /home/git/.ssh

Ensure the /home/git/.ssh/authorized_keys file has a mask of 0600:

chmod 0600 /home/git/.ssh/authorized_keys

Replace /home/git with whatever your home directory for the 'git' user is, if it was different in the tutorial. If it's not permissions, then please let comment and we'll see what else might be the issue.

Solution 2

I'd also recommend to check that user has proper permission to clone/pull/push in gitlab. I've just spend too much time looking through ssh/https configurations, when the reason for problem was user in gitlab not having enough permissions...

Solution 3

If you're using environment variables to pass the key, you should base64 encode them, otherwise they will probably fail with an error asking for your passphrase. This means that the key is corrupted. If you see:

$ ssh-add <(echo "$SSH_PRIVATE_KEY")
Enter passphrase for /dev/fd/63: ERROR: Job failed: exit code 1

Then base64 encode the SSH_PRIVATE_KEY variable. If you are on OS X,

cat ~/.ssh/ssh_key_for_project | base64 | pbcopy

will encode it and copy it to your clipboard. Now then change the .gitlab-ci.yml script line to

- ssh-add <(echo "$SSH_PRIVATE_KEY" | base64 -d)

Solution 4

Check that you have only one record for your public key (which was imported through web face) in /home/git/.ssh/authorized_keys and this key has gitlab's prefix and title. In other words, if you've added the same key manually before installing gitlab then remove it.

Solution 5

This can happen if the host has a '-' in its name. (Even though this is legal according to RFC 952.)

ssh prompts me for a password for any host that happens to have a '-' in its name. This would seem to be purely a problem with ssh configuration file parsing because adding an alias to ~/.ssh/config (and using that alias in my git remote urls) resolved the problem.

In other words try putting something like the following in your C:/Users/{username}/.ssh/config

Host {a}
    User git
    Hostname {a-b.domain}
    IdentityFile C:/Users/{username}/.ssh/id_rsa

and where you have a remote of the form

origin  [email protected]:repo-name.git

remove it and then re-add it using the form

origin  git@a:repo-name.git

View more solutions

75,550

greyfox

I'm a web developer from Columbus, Ohio. I studied Computer Science at Capital University in Columbus, where I received my bachelor's degree. In college I was heavy into C++ and Python. I dabbled my hands in Objective-C/Cocoa as well. After college I began doing web development using PHP/MySQL. I really fell in love with web development. Now I'm transitioning into Java/Spring MVC. At some point I would like to get more into ASP.NET MVC.

Updated on September 18, 2022

Comments

greyfox over 1 year
I am having issues with Gitlab. I used the following guide to install and configure Gitlab https://github.com/gitlabhq/gitlab-recipes/blob/master/install/centos/README.md. The installation seemed to go well and all. The web application seems to be working fine. However I am unable to clone, pull, push, basically I essentially cannot use Gitlab. I have seen 403 errors with HTTP and permission denied when trying to clone over SSH.

I have ensured my private keys are setup correctly on both Windows and OS X. I can see the public keys on the server. I added the following to my config file in ~/.ssh.config
```
Host {hostname}
    User git
    Hostname {hostname}
    PreferredAuthentications publickey
    IdentityFile C:/Users/{username}/.ssh/id_rsa
```
This is what I see in /var/log/secure
```
Jan 14 17:31:48 dev_version_control sshd[3696]: Connection closed by 192.168.17.113
Jan 14 17:32:18 dev_version_control sshd[3700]: Connection closed by 192.168.17.113
```
The /var/log/message didn't role when I tried using git or ssh

I'm not sure where to go from here. Any suggestions?

I don't know what you mean by SSH using git username. The guide I used did not create a password for the git user and stated that user cannot be used to login.
- jaseeey over 10 years
  
  Are you able to SSH to the Git server as user 'git'? Can you try adding the '-vvv' parameter to get some further output on why the connection is being closed? It might also be worthwhile checking the /var/log/secure and /var/log/messages files to see if there are any errors in there.
- EEAA over 10 years
  
  Public keys are not set up on the client - you need to make sure that your private keys are on your client. Public keys go on the server.
- greyfox over 10 years
  
  Updated my question. Hopefully that helps
greyfox over 10 years

That may have been the issue. I am know able to clone using git clone git@{hostname}:{workspace}/{repository} on my Mac. Unfortunately I left my Windows machine at work so I will need to give that a try tomorrow. Does the public / private key authentication not work over HTTP with Gitlab? I was under the impression that was how Github worked but I could be wrong about that.
jaseeey over 10 years

Public/private key authentication only works over SSH. If you use HTTP, you will need to use your username and password to do anything. If you are using a new version of Git, like v1.8, then it should prompt you for a username and password. Older versions of Git do not do this, so you have to add your username and password inline of the remote (i.e. https://username:[email protected]/repo.git)
greyfox over 10 years

Ahhhh that makes much more sense now. So does the GitHub for Windows app store the credentials? Thanks so much for the help!
jaseeey over 10 years

I haven't used the GitHub Windows application much, but I think from memory it required a login when you open it, so I would say that stores the access credentials to save you the ache of entering them all the time.
jaseeey over 10 years

You can have multiple keys in there and you will be able to login provided your private key can match up...
sinm over 10 years

@Jason , i've just edited to explain more precisely
6ft Dan over 5 years

Thank you, this was it for me. I had put my ssh key in manually before using Gitlab to add a key and the duplicate keys caused issues.
Michael Hampton almost 4 years

Please note that in current GitLab Omnibus the home directory is /var/opt/gitlab, not /home/git.