GitLab benötigt das git @ localhost-Passwort, um ein Repo zu erhalten

8624
DevinR

Ich versuche GitLab auf meinem Server zum Laufen zu bringen. Ich habe die Installationsanweisungen auf der Gitlab-Github-Seite befolgt und alles lief gut.

Wenn ich ein Repo erstelle und versuche, "git push -u origin master" zu erstellen, werde ich aufgefordert, "git @ localhost's password:"

Einige Leute haben vorgeschlagen, git zu AllowedUsers in meinem sshd-conf hinzuzufügen, aber ich habe dort kein Feld AllowedUsers, das scheint also kein Problem zu sein.

Ich bin immer noch ziemlich neu in Sachen ssh, also könnte es ein Problem mit dem ssh-Schlüssel sein, obwohl ich versucht habe, alle relevanten ssh-Schlüssel zu /home/git/.ssh/authorized_keys hinzuzufügen.

Irgendwelche Vorschläge sehr geschätzt!

6

2 Antworten auf die Frage

4
stochastic

The proper way to access a repository managed by gitlab is to add a public key.

First, you need to create a keypair: (these are the commands for a linux machine, and I believe they also work on windows if you have git for windows installed, which installs a cygwin environment)

cd ~/.ssh #create this dir if it's absent ssh-keygen -t rsa -b 2048 #i like 2048 bit rsa keys, but you could use -b 1024 instead 

when prompted, give a name to the keyfile, let's say you called it "my_key" it will ask you for a passphrase. If you type one, the private key (see below) will be encrypted with that passphrase, so you will have to both have the keyfile installed properly AND type the passphrase to perform a git operation. You can also leave it blank, which is less secure but more convenient.

This generates ~/.ssh/my_key and ~/.ssh/my_key.pub. The .pub file is the public key, the other is the private key. You now need to do two things:

  1. Give the public key to the server
  2. Set up your ssh client to know about and use the private key

to do 1., open my_key.pub in an editor and copy the contents to the clipboard. Then, log in to gitlab through the web interface. In the upper right-hand corner, you will find a randomly generated picture, which if you hover over will give you two options: "My Profile", and "Logout". Click on the former. On the right of the resulting page, you'll see an "add public key" button. Click that, and you'll be presented with a page where you can paste the public key that you copied. Give it a name, click save, and you're done.

to do 2. (again, on linux) open (create if necessary) the file ~/.ssh/config, and add the following line:

IdentityFile ~/.ssh/my_key 

This tells ssh to try to use the private key when logging in to any site that tries to use key authentication.

Background on keys (in case you didn't know): the keys used by ssh are called asymmetric keys. There is a "public key" and a "private key", and they are generated as a pair (they're mathematically related). Anything encrypted using the public key can only be decrypted using the private key, and vice versa. ssh uses these for authentication: you give a server a public key and your client the private key which corresponds. When you try to log in, the server basically takes some random data, encrypts it with the public key, and sends it to the client. The client decrypts using the private key, and sends the original random data back to the server. The server then knows that you are the person you say you are (because your client was able to successfully decrypt.

1
termnml

@stochastic Der Hauptgrund dafür ist ein Problem mit nicht übereinstimmenden ssh-Schlüsseln.

Ich hatte das gleiche Problem und es war nicht möglich, den ssh-key in ein Profil von gitlab einzugeben und die App den Rest erledigen zu lassen.

ssh-keygen -t rsa -C "hereYourEmailUsedInGitlab"

Folgen Sie dann dem Schritt und fügen Sie ihn einfach in Ihr Profil ein.

Wichtig: Wenn Sie den Schlüssel in einer Sitzung auf Ihrem Computer generieren. Und in der gleichen Situation, die versucht, es zu benutzen (git clone ...), wird es scheitern. Wenn Sie sich in Ihr System einloggen, wird es funktionieren.


Tu mir einen Gefallen und korrigiere mein Englisch :)