I have an Amazon EC2 cloud server running Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-52-virtual x86_64). I have GitLab installed using the Bitnami image. SSH cloning of repos does not work.
I cannot log in as git over SSH with an SSH key:
➜ front-end git:(develop) ssh -vT [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to cloud.redrockrim.org [54.229.74.10] port 22.
debug1: Connection established.
debug1: identity file /Users/redrockrim/.ssh/id_rsa type 1
debug1: identity file /Users/redrockrim/.ssh/id_rsa-cert type -1
debug1: identity file /Users/redrockrim/.ssh/id_dsa type -1
debug1: identity file /Users/redrockrim/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 54:52:a4:7c:bf:45:bc:89:b5:7f:ae:59:2d:d6:e2:11
debug1: Host 'cloud.redrockrim.org' is known and matches the RSA host key.
debug1: Found key in /Users/redrockrim/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/redrockrim/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/redrockrim/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
I can log in using ssh as a different user I created.
➜ front-end git:(develop) ssh -vT [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to cloud.redrockrim.org [54.229.74.10] port 22.
debug1: Connection established.
debug1: identity file /Users/redrockrim/.ssh/id_rsa type 1
debug1: identity file /Users/redrockrim/.ssh/id_rsa-cert type -1
debug1: identity file /Users/redrockrim/.ssh/id_dsa type -1
debug1: identity file /Users/redrockrim/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 54:52:a4:7c:bf:45:bc:89:b5:7f:ae:59:2d:d6:e2:11
debug1: Host 'cloud.redrockrim.org' is known and matches the RSA host key.
debug1: Found key in /Users/redrockrim/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/redrockrim/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to cloud.redrockrim.org ([54.229.74.10]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_IE.UTF-8
debug1: Sending env LC_CTYPE = en_IE.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-52-virtual x86_64)
___ _ _ _ _ _
| _ |_) |_| \| |__ _ _ __ (_)
| _ \ | _| .` / _` | ' \| |
|___/_|\__|_|\_\__,_|_|_|_|_|
*** Welcome to the BitNami GitLab 6.0.0-0 ***
*** BitNami Wiki: http://wiki.bitnami.com/ ***
*** BitNami Forums: http://community.bitnami.com/ ***
What can I try to fix this issue?
SSH facilities can be suppressed by adding options to the beginning of a key in authorization_keys. What's happening here is the server is preventing your git user from having complete/open access to the server with that specific key, but rather only allows a very targeted connection... which is what you'd normally want.

If you want to connect as that user you'd remove the preamble before ssh-rsa, although it's all there for good reason. You can still connect as another user and su git once you're on the server... if it's important to be that user for some reason.

The options mean:
command="/opt/bitnami/apps/gitlab/gitlab-shell/bin/gitlab-shell key-3"
Means that this command is executed whenever the connection is made. No command can be supplied by the user.
no-port-forwarding
Prevents TCP forwarding
no-X11-forwarding
Prevents X11 forwarding
no-agent-forwarding
Prevents agent forwarding
no-pty
Prevents TTY allocation - what you likely mostly use in ssh to execute commands on the remote server.
Which can all be found on the ssh(8) man page
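
An added example, not part of the original answer or of GitLab's own code: a small audit that parses the option prefix of each entry in the git user's `~/.ssh/authorized_keys` and reports which of the restrictions listed above are missing. The sample file, its key blobs and the function names `parse_line` and `audit` are constructed for illustration; only the `gitlab-shell` command path comes from the answer.

```python
import re

# Restrictions the answer lists for a GitLab-managed key (names lower-cased).
REQUIRED = {"command", "no-port-forwarding", "no-x11-forwarding",
            "no-agent-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+")

def parse_line(line):
    """Return (options dict, key type) for one authorized_keys entry."""
    line = line.strip()
    first = line.split(None, 1)[0]
    if KEY_TYPE.fullmatch(first):
        return {}, first                      # no option prefix at all
    tokens, buf, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2         # \" is a literal quote
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            tokens.append(buf)
            buf = ""
        elif c.isspace() and not quoted:
            break                             # options end at first bare space
        else:
            buf += c
        i += 1
    tokens.append(buf)
    opts = {}
    for tok in tokens:
        name, _, value = tok.partition("=")
        opts[name.lower()] = value            # option keywords ignore case
    rest = line[i:].split()
    return opts, (rest[0] if rest else None)

def audit(text):
    """Map line number -> sorted list of REQUIRED options that are missing."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            report[n] = sorted(REQUIRED - parse_line(line)[0].keys())
    return report

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed authorized_keys for the git user
command="/opt/bitnami/apps/gitlab/gitlab-shell/bin/gitlab-shell key-3",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER1 dev@laptop
ssh-rsa AAAAPLACEHOLDER2 admin@laptop
command="/usr/bin/env A=1,B=2 true",no-pty ssh-rsa AAAAPLACEHOLDER3 ci@build
"""
```

An empty list means the entry carries every restriction; an entry with all five missing is a key that gets an ordinary shell as git.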