SnapOverflow


ali haider's questions

ali haider
Asked: 2021-06-28 05:18:42 +0800 CST

setting up transparent proxy on gateway computer

  • 0

I am looking to setup a transparent proxy (client) on a computer which will act as a gateway/router for (client) computers connecting to this gateway computer. The client computers use a VPN client which is not going to be modified (nor will it have any proxy client). The transparent proxy client will connect to a proxy (server) through which all traffic (including the VPN traffic) should be routed from. Is this approach even possible with squid or ha proxy?

VPN client on computer -> transparent proxy on computer acting as router/gateway -> proxy on remote server -> VPN server (and the traffic going back the same way).

Any thoughts or suggestions on this matter will be appreciated.

vpn router proxy transparent-proxy
  • 0 Answers
  • 49 Views
ali haider
Asked: 2021-01-04 15:13:11 +0800 CST

unable to authenticate with digitalocean when using terraform

  • 1

I was previously able to use terraform 0.11 with digitalocean. I have since updated the terraform version to 0.13.5 and updated the digitalocean provider. However, after this change, I am not able to provision any resource as I am getting a 401 error from digitalocean. I have even tried using a new authentication token but that produced the same result.

Error: Error creating droplet: POST https://api.digitalocean.com/v2/droplets: 401 Unable to authenticate you

versions.tf

terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "1.22.2"
    }
  }
  required_version = ">= 0.13"
}

I have modified the TF_LOG value but that has not provided any additional details to help debug the issue. Any ideas on how to troubleshoot this further?

I have even tried removing the token from the terraform.tfvars file which forces the token to be requested when terraform apply is invoked. However, the result was the same i.e. unauthorized response.

The token is valid as I am able to use it with curl but not with terraform 0.13.5 and digitalocean provider 2.2.0.

terraform digital-ocean
  • 0 Answers
  • 235 Views
ali haider
Asked: 2018-04-29 09:12:18 +0800 CST

kerberos setup with freeipa installation

  • 1

I tried installing freeipa on ubuntu v16 (cloud server) using the following:

  1. modified /etc/host to use the private IP address of the virtual machine and the corresponding host (the A name has propagated)

  2. ran the freeipa-server installation:

    sudo apt-get install freeipa-server

I added the host information etc. in the responses. After the installation, I ran the following:

kinit admin

However, I get the following error:

 Cannot contact any KDC for realm 'CORRECT.HOST.COM' while getting initial credentials

I checked the realm setup in /etc/krb5.conf file and I can see the host specified there:

default_realm = CORRECT.HOST.COM

[realms]
    CORRECT.HOST.COM = {
        kdc = CORRECT.HOST.COM:88
        admin_server = CORRECT.HOST.COM
    }

I tried modifying the host name to lowercase (as well as the port number). However, the kinit command does not work.

KRB5_TRACE=/dev/stdout kinit admin
[30263] 1524933806.532808: Getting initial credentials for [email protected]
[30263] 1524933806.536715: Sending request (185 bytes) to CORRECT.HOST.COM
[30263] 1524933806.537110: Resolving hostname correct.host.com
[30263] 1524933806.537618: Sending initial UDP request to dgram 10.132.61.210:88
[30263] 1524933806.537806: Initiating TCP connection to stream 10.132.61.210:88
[30263] 1524933806.537942: Terminating TCP connection to stream 10.132.61.210:88
kinit: Cannot contact any KDC for realm 'CORRECT.HOST.COM' while getting initial credentials

Any thoughts on how to troubleshoot this further (preferably installing on an ubuntu v16 server and not fedora)

kerberos
  • 0 Answers
  • 623 Views
ali haider
Asked: 2018-04-02 17:31:33 +0800 CST

fail2ban does not start up on ubuntu 16

  • 0

I installed fail2ban on ubuntu 16 on which I also have ufw. I copied jail.conf to jail.local in /etc/fail2ban. After this, I tried starting fail2ban but I get the following error in the logs (using the command systemctl status fail2ban.service):

fail2ban.service: Control process exited, code=exited status=255
abcdefgh systemd[1]: Failed to start Fail2Ban Service.
fail2ban.service: Unit entered failed state.

Any thoughts on how I go about troubleshooting this issue further?

Update: The change I made to the jail.conf file was for the sshd section:

[sshd]
enabled = true
port = valid-ssh-port (this is a number but not the default port)
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
fail2ban
  • 1 Answers
  • 963 Views
ali haider
Asked: 2017-11-12 16:00:53 +0800 CST

updating OpenLDAP with SSL certificates

  • 2

I am using the following command and script to get OpenLDAP (running on ubuntu v16) to use SSL certificates (locations of the certificates is correct).

ssl.ldif

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/fullchain-xxxxxx.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/cert-xxxxxx.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/privkey-xxxxxx.pem

command:

sudo ldapmodify -H ldapi:// -Y EXTERNAL -f ssl.ldif

output:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

Is there any other log file entry that I can check to troubleshoot this further?

openldap
  • 1 Answers
  • 1908 Views
ali haider
Asked: 2016-12-03 10:57:36 +0800 CST

updating ssl cert for gitlab using certbot & lets encrypt

  • 0

I am running gitlab on ubuntu 14. The previously configured cert has expired (no cron entry was setup for renewal). I am trying to setup certbot (with let's encrypt) to renew the cert and then setup the crontab entry for auto renewals. When I run certbot, I get a message copied below (is there a location where I can grab a more detailed error message):

command being run:

./certbot-auto certonly --webroot -w /opt/gitlab/ssl -d git.xyz.com

git.xyz.com is a valid domain (I replaced the actual domain with xyz). The directory /opt/gitlab/ssl exists and the user being used to run the command has read/write privileges on that directory and its contents.

Error Failed authorization procedure. git.xyz.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to git.xyz.com

IMPORTANT NOTES:

- The following errors were reported by the server:

   Domain: git.xyz.com
   Type:   connection
   Detail: Could not connect to git.xyz.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.  

Any thoughts on how I can debug this issue better?

forgot to mention: I can access the URL from an external network (the domain name is correct) and currently no firewall was configured to stop traffic on port 80/443 (I even shut off the firewall to test as well).

gitlab certbot lets-encrypt ubuntu-14.04
  • 1 Answers
  • 953 Views
ali haider
Asked: 2016-10-05 07:24:55 +0800 CST

hhvm binding on port 80 preventing nginx from binding on that port

  • 1

I am running hhvm on ubuntu14 with the following server.ini config:

server.ini

; php options

pid = /var/run/hhvm/pid

; hhvm specific 

;hhvm.server.port = 9000
hhvm.server.file.socket=/var/run/hhvm/hhvm.sock
hhvm.server.type = fastcgi
hhvm.server.default_document = index.php
hhvm.log.use_log_file = true
hhvm.log.file = /var/log/hhvm/error.log
hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc

I commented out the 9000 port line and added the file socket option. After this change, when I restart the service, it seems that hhvm appears to bind on port 80 as well (I am trying to run nginx on port 80). I could not find any config for hhvm where it explicitly binds on port 80. Any thoughts on how I can go about ensuring that hhvm does not use port 80.

php.ini

; php options
session.save_handler = files
session.save_path = /var/lib/hhvm/sessions
session.gc_maxlifetime = 1440

; hhvm specific 
hhvm.log.level = Warning
hhvm.log.always_log_unhandled_exceptions = true
hhvm.log.runtime_error_reporting_level = 8191
hhvm.mysql.typed_results = false

I also do not see hhvm.sock in /var/run/hhvm.

Update: When I comment out the file socket and replace it with the port, hhvm binds to port 9000 instead of 80. I need to figure out the correct method of using hhvm with nginx (allowing nginx to run on port 80)

php nginx php5 hhvm
  • 2 Answers
  • 156 Views
ali haider
Asked: 2016-09-30 10:28:19 +0800 CST

unable to install hhvm on debian (jessie) via apt

  • 0

I am trying to setup hhvm using the instructions below but I am getting the error copied below. If it does not work, I will simply clone the git repo and run make but would prefer not to if possible.

The debian distro is jessie:

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 8.4 (jessie)
Release:    8.4
Codename:   jessie

instructions for hhvm

wget -O - http://dl.hhvm.com/conf/hhvm.gpg.key | sudo apt-key add -
echo deb http://dl.hhvm.com/debian jessie main | sudo tee /etc/apt/sources.list.d/hhvm.list
sudo apt-get update
sudo apt-get install hhvm

error:

W: Failed to fetch http://dl.hhvm.com/ubuntu/dists/jessie/main/binary-i386/Packages  404  Not Found [IP: 140.211.166.134 80]

Any thoughts on how to fix this?

ubuntu php apt debian-jessie hhvm
  • 1 Answers
  • 307 Views
ali haider
Asked: 2016-08-28 10:30:03 +0800 CST

unable to create keypair in amazon aws

  • 3

I added a user to a group in amazon AWS. The user has the privilege of adding EC2 instances but does not appear to have the privilege of creating a keypair - the request is getting denied. Any idea on what privilege needs to be added to enable this feature for the new user?

amazon-ec2 amazon-vpc
  • 2 Answers
  • 1206 Views
ali haider
Asked: 2016-08-01 13:07:48 +0800 CST

cannot run certbot on ubuntu 14 server for lets encrypt

  • 0

I already had let's encrypt on an ubuntu server (python v2.7.6) but it is no longer running complaining that I am using an old client. I downloaded the certbot client for ubuntu 14 but when I run the following command, I get the error copied below - any idea on how to troubleshoot this further:

./certbot-auto certonly --text --webroot -w /usr/share/nginx/html -d actualurl.com --keep-until-expiring --expand --agree-tos --email [email protected]


2016-07-31 20:50:48,178:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f45863102d0> and installer None
2016-07-31 20:50:48,350:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory284. args: (), kwargs: {}
2016-07-31 20:50:48,354:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-31 20:50:48,803:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory284 HTTP/1.1" 404 19
2016-07-31 20:50:48,805:DEBUG:root:Received <Response [404]>. Headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Boulder-Request-Id': 'gH76WSwBJgzedpyjF8X3TAVVYz0-TLkaiNGTjQa3Weg', 'Expires': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Content-Type': 'text/plain; charset=utf-8'}. Content: '404 page not found\n'
2016-07-31 20:50:48,805:DEBUG:acme.client:Received response <Response [404]> (headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Boulder-Request-Id': 'gH76WSwBJgzedpyjF8X3TAVVYz0-TLkaiNGTjQa3Weg', 'Expires': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Content-Type': 'text/plain; charset=utf-8'}): '404 page not found\n'
2016-07-31 20:50:48,806:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 744, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 550, in obtain_cert
    le_client = _init_le_client(config, auth, installer)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 360, in _init_le_client
    acc, acme = _determine_account(config)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 345, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 118, in register
    acme = acme_from_config_key(config, key)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 42, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 631, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 578, in _check_response
    raise errors.ClientError(response)
ClientError: <Response [404]>

I also ran certbot-auto with certonly but I got the same error.

dialog version

Version: 1.2-20130928

lsb_release -a

Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:   trusty

I downloaded certbot using

wget https://dl.eff.org/certbot-auto

Also, the nginx process was running and still had the older let's encrypt certificate. I have since tried removing that and restarted nginx but I am still getting the same error. I am running HA proxy on port 80 and redirecting to Nginx.

I have the following certbot plugins installed:

* apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator

* standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
certbot lets-encrypt
  • 2 Answers
  • 930 Views
ali haider
Asked: 2016-07-23 10:51:21 +0800 CST

AWS security group change

  • 0

I modified the security group for two VMs on AWS (from one security group to another - not just editing the security rules of an existing group). The VM's are behind Amazon ELB (and using Route 53). After the security group change (and without rebooting the VM's), I can access the service on the two VM's using the IP address but I cannot access the service via the URL. Any idea on whether I need to configure anything on Route 53 to activate this security group change correctly?

One more thing: the traceroute is ending at an IP address owned by Amazon.

Update:

I have all ports open on the inbound and outbound (numbers changed) 100, 101 and 102 for the ELB security group and for the security group being used by the internal VM is configured for port 100, 101 and 102 (for inbound) and all open for outbound.

After this change, I can see that the traceroute is ending at an Amazon instance (but not the internal instance I am running).

security amazon-web-services amazon-route53 security-groups amazon-elb
  • 0 Answers
  • 157 Views
ali haider
Asked: 2016-01-23 07:42:30 +0800 CST

how do I change the admin email for let's encrypt?

  • 29

The email address used as the admin email when we started using let's encrypt needs to be modified (a former employee used his personal email address as the admin email and he is no longer with the firm). What steps need to be taken to get that modified (we can get the former employee to confirm this). We need to remove his personal email address and replace it with a new email address. This will be used for key recovery actions. In either case, I would like the former employee's personal email address to be removed. What steps do I need to take to accomplish this (if my understanding of the process is incorrect, kindly point me to the right direction). Thanks in advance.

lets-encrypt
  • 5 Answers
  • 34359 Views
ali haider
Asked: 2015-11-25 15:52:13 +0800 CST

getting permission denied when using ssh

  • 1

I am trying to setup ssh access using keys - I have added my public key to the .ssh directory on the server. I restarted the ssh service on the server as well. When I logon from my local computer to the server, I get a denied message (copied below - using the v flag). I replaced the username and ip address from the question. Any idea what I might have done wrong?

ssh -v [email protected]
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA dd:e7:a3:31:60:21:c5:90:24:b5:11:65:43:d8:cd:a0
debug1: Host 'xxx.xxx.xxx.xxx' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
ssh
  • 2 Answers
  • 2846 Views
ali haider
Asked: 2015-11-18 06:20:36 +0800 CST

unable to boot ubuntu or load from flash drive

  • 1

I have a windows 10 and ubuntu 14 dual boot on a test server. After I restarted windows, the grub boot loader does not load up - I have tried pressing Shift when booting the server but no boot up options come up. It does not seem to pick up the flash drive which has Ubuntu on it either. Any suggestions on how to fix it?

windows
  • 0 Answers
  • 17 Views
ali haider
Asked: 2015-10-21 08:56:23 +0800 CST

error when running apt-get update on ubuntu 14

  • 14

I am running ubuntu 14 on one of my servers.

When I run sudo apt-get update, I get the error below.

W: GPG error: http://cran.rstudio.com trusty/ Release: The following signatures were invalid: KEYEXPIRED 1445181253 KEYEXPIRED 1445181253 KEYEXPIRED 1445181253

Should I modify my ppa repository list or take some other action to fix this issue.

Update: I tried removing R from the server using

sudo apt-get --purge remove r-base
sudo apt-get --purge remove r-base-core
sudo apt-get --purge remove r-base-recommended

However, I am still seeing the same issue with apt-get update.

ubuntu-14.04
  • 5 Answers
  • 9530 Views
ali haider
Asked: 2013-12-13 09:42:25 +0800 CST

using single nginx server to serve/proxy PHP, Python and NodeJS

  • 1

I am trying to figure out how best to use Nginx as proxy for serving PHP (via PHP5-FPM), Python (via gunicorn) and NodeJS. My current default file in the sites-available directory is copied below. Should I be attempting to configure multiple servers or make other changes in order to enable this functionality? Thanks in advance.

Update: Currently, with the current config, Nginx is serving as a proxy to NodeJS application. However, it is no longer serving PHP content anymore. Should I be using a different server in the default file and if so, should I be able to use the same listening port but just use a different server_name and use the location tag to differentiate between the requests?

I am trying to route certain URL requests to a PHP application (in /var/www - I switched from /usr/share/nginx) as well as to Python and Nodejs backends.

One thought that I have not implemented is to try multiple upstream and have the PHP setup in the main server - would that work i.e. have one upstream for NodeJS, one for Python and then the server for PHP.

upstream test {
        server 0.0.0.0:3002;
        keepalive 500;
}


server {
        listen 81 default_server;
        listen [::]:81 default_server; ##remove this?

        root /var/www/;  ##switched from /usr/share/nginx
        index index.php index.html index.htm;

        server_name localhost; 

        location / {
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Nginx-Proxy true;
                proxy_set_header Connection "";
                proxy_http_version 1.1;
                proxy_pass http://0.0.0.0:3002;
        }

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                allow ::1;
                deny all;
        }

        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        location /RequestDenied {
                proxy_pass http://127.0.0.1:4242;
        }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
        listen 82;
        root /var/www/;
        index index.php index.html index.htm;
        server_name php;
        location ~ /testPHP {    # testPHP is part of URL/directory name in /var/www/
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }

}
nginx
  • 2 Answers
  • 4506 Views
ali haider
Asked: 2013-12-11 13:55:21 +0800 CST

HA Proxy does not start up on Ubuntu 13

  • 5

I am trying to launch HA Proxy 1.4.24 on an ubuntu 13 VM via sudo. My haproxy.cfg file is copied below. However, when I use sudo service haproxy start or try sudo /etc/init.d/haproxy start, the process does not start up. Any ideas on troubleshooting this would be helpful. The config file appears to pass the configuration test (sudo haproxy -f haproxy.cfg -c results in "Configuration file is valid").
Also, Enabled flag in the haproxy file in /etc/init.d is set to 1. Port 80 does not appear to be bound by any other service.

Update: I had set the enabled flag to 1 in the /etc/init.d/haproxy file as opposed to in the /etc/default/haproxy file - fixing this change allowed me to run haproxy normally.

global
    maxconn     25000 # Total Max Connections. This is dependent on ulimit
    daemon
    nbproc      4 # Number of processing cores. Dual Dual-core Opteron is 4 cores for example.

defaults
    mode        http
    clitimeout  60000
    srvtimeout  30000
    contimeout  4000
    timeout http-request 5s  # added to tackle slow http requests
        option abortonclose
        option forwardfor


listen  http_proxy *:80
        #bind *:80
    balance roundrobin # Load Balancing algorithm
    option httpchk
    option forwardfor # This sets X-Forwarded-For
        default_backend bk_web

# Dynamic part of the application
backend bk_web
    ## Define your servers to balance
    balance roundrobin ## change to URL hashing
    cookie MYSRV insert indirect nocache  ## check this NOTE TO SELF
    server server1 0.0.0.0:81 weight 1 maxconn 512 check
    server server2 0.0.0.0:82 weight 1 maxconn 512 check
haproxy
  • 1 Answers
  • 3625 Views
ali haider
Asked: 2013-10-18 07:36:13 +0800 CST

subversion - receiving error "is already a working copy for a different URL"

  • 3

When I am checking out a project or try to commit (I was previously able to do so), I receive the following error:

svn: 'C:\Users\username\workspace\ABC' is already a working copy for a different URL

where ABC is the project name. Any thoughts on how to fix this or what could be causing this?

svn
  • 4 Answers
  • 20240 Views
ali haider
Asked: 2013-01-29 10:18:03 +0800 CST

New Users are unable to connect to gitolite/git on amazon aws

  • 2

These are the steps I followed for setting up a new user on gitolite hosted on amazon aws:

  1. Installed gitolite (works - I can connect as admin & add new repos/users)

  2. I added a test repo and a new user in the conf file in gitolite-admin.

  3. The new user created a new ssh key called newUser - the newUser.pub was added to keydir inside gitolite-admin

  4. The new users can connect via ssh to the Amazon AWS instance using the certificate meant for the Amazon instance

  5. I ran the following:

    git add -A
    git commit -m 'adding new repo and user'
    git push origin master

The response mentioned that the new users and repos have been generated. However, when the user connects, the ssh fails to authenticate. I ran the ssh -vvv for the git instance i.e. ssh -vvv git@server name (where server name is the amazon instance). I can see that the ssh attempt is not picking the new public key but instead trying to use the older id_rsa.pub file. I will now try to force ssh to use the new key - any other suggestions to help troubleshoot this will be greatly appreciated!

Edit: Thanks @VonC for responding. I have copied the authorized key info for the user below:

command="/usr/share/gitolite/gl-auth-command adavid",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa keyinfo [email protected]

where adavid is the user added, abcdavid is the userID on the user's computer & 192.168.1.3 is the local address for the user's computer.

Second Edit:

I had the user add a config file as well:

Host test.git.com
HostName amazon host name
User adavid (where adavid is the user name)
PreferredAuthentications publickey
IdentityFile ~./ssh/adavid   (where adavid is the user name and associated with the key called adavid)

I received the following error when cloning into the git repo:

Cloning into git repository name
tilde_expand_filename: No such user .
fatal: The remote end hung up unexpectedly

I am checking the git command now to see if I made any mistake. thanks

git
  • 1 Answers
  • 794 Views
ali haider
Asked: 2013-01-22 14:52:32 +0800 CST

user unable to connect to git (using gitolite on ubuntu)

  • 4

I was able to run the following command:

git clone admin@ip address:gitolite-admin.git

When I tried adding a new user using the steps below, the new user was unable to connect:

Steps taken so far:

1.  Copied the public key into the keydir (also tried copying it in a separate directory within the keydir)
2.  I added a repo in the config file for the new userID
3.  git add -A
4.  git commit -m 'adding new user keys and repo'
5.  git push origin master

All these commands run without throwing any errors.
When the user tries to login, he is unable to connect with the following command:

git clone username@IPAddress:newRepoName.git

The connection times out complaining about unable to connect on port 22. Any suggestions to help troubleshoot this (the public key for the user was generated from his computer - same one is being used for logging in as user - different computer was used for admin access). Thanks in advance

Edit: I removed the public key for a (non-admin) user, ran commit and pushed to the server after which I added a new public key for the user, ran add, commit & pushed to server. The response for the admin mentioned that the user was added. However, when the user tries connecting to the server using the command below, the connection attempt is unsuccessful (I can clone the project from my computer - the additional user cannot, neither can any other user so I am guessing I made a mistake in configuring additional users - any thoughts would be quite welcome and thanks for the patience)

git clone [email protected]:testProject
Cloning into 'testProject'...
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

git
  • 3 Answers
  • 3863 Views
