12

I am having issues with Gitlab. I used the following guide to install and configure Gitlab https://github.com/gitlabhq/gitlab-recipes/blob/master/install/centos/README.md. The installation seemed to go well and all. The web application seems to be working fine. However I am unable to clone, pull, push, basically I essentially cannot use Gitlab. I have seen 403 errors with HTTP and permission denied when trying to clone over SSH.

I have ensured my private keys are setup correctly on both Windows and OS X. I can see the public keys on the server. I added the following to my config file in ~/.ssh.config

Host {hostname}
    User git
    Hostname {hostname}
    PreferredAuthentications publickey
    IdentityFile C:/Users/{username}/.ssh/id_rsa

This is what I see in /var/log/secure

Jan 14 17:31:48 dev_version_control sshd[3696]: Connection closed by 192.168.17.113
Jan 14 17:32:18 dev_version_control sshd[3700]: Connection closed by 192.168.17.113

The /var/log/message didn't role when I tried using git or ssh

I'm not sure where to go from here. Any suggestions?

I don't know what you mean by SSH using git username. The guide I used did not create a password for the git user and stated that user cannot be used to login.

Mike H-R
  • 113
  • 1
  • 6
greyfox
  • 257
  • 1
  • 2
  • 9
  • Are you able to SSH to the Git server as user 'git'? Can you try adding the '-vvv' parameter to get some further output on why the connection is being closed? It might also be worthwhile checking the /var/log/secure and /var/log/messages files to see if there are any errors in there. – jaseeey Jan 15 '14 at 03:08
  • Public keys are not set up on the client - you need to make sure that your **private keys** are on your client. Public keys go on the server. – EEAA Jan 15 '14 at 03:10
  • Updated my question. Hopefully that helps – greyfox Jan 15 '14 at 03:19

8 Answers8

10

Providing that you have loaded your private key on your client, then it sounds like this might be a permissions issue on the 'git' user home directory and .ssh directory.

Please try changing your /home/git directory to a mask of 0711:

chmod 0711 /home/git

Ensure the /home/git/.ssh directory has a mask of 0700:

chmod 0700 /home/git/.ssh

Ensure the /home/git/.ssh/authorized_keys file has a mask of 0600:

chmod 0600 /home/git/.ssh/authorized_keys

Replace /home/git with whatever your home directory for the 'git' user is, if it was different in the tutorial. If it's not permissions, then please let comment and we'll see what else might be the issue.

jaseeey
  • 1,462
  • 16
  • 20
  • That may have been the issue. I am know able to clone using git clone git@{hostname}:{workspace}/{repository} on my Mac. Unfortunately I left my Windows machine at work so I will need to give that a try tomorrow. Does the public / private key authentication not work over HTTP with Gitlab? I was under the impression that was how Github worked but I could be wrong about that. – greyfox Jan 15 '14 at 03:34
  • Public/private key authentication only works over SSH. If you use HTTP, you will need to use your username and password to do anything. If you are using a new version of Git, like v1.8, then it should prompt you for a username and password. Older versions of Git do not do this, so you have to add your username and password inline of the remote (i.e. `https://username:password@git.server.com/repo.git`) – jaseeey Jan 15 '14 at 03:38
  • Ahhhh that makes much more sense now. So does the GitHub for Windows app store the credentials? Thanks so much for the help! – greyfox Jan 15 '14 at 03:47
  • I haven't used the GitHub Windows application much, but I think from memory it required a login when you open it, so I would say that stores the access credentials to save you the ache of entering them all the time. – jaseeey Jan 15 '14 at 03:51
  • Please note that in current GitLab Omnibus the home directory is `/var/opt/gitlab`, not `/home/git`. – Michael Hampton Jul 18 '20 at 16:35
1

Check that you have only one record for your public key (which was imported through web face) in /home/git/.ssh/authorized_keys and this key has gitlab's prefix and title. In other words, if you've added the same key manually before installing gitlab then remove it.

sinm
  • 119
  • 2
  • You can have multiple keys in there and you will be able to login provided your private key can match up... – jaseeey Jan 16 '14 at 04:20
  • @Jason , i've just edited to explain more precisely – sinm Jan 16 '14 at 06:44
  • Thank you, this was it for me. I had put my ssh key in manually before using Gitlab to add a key and the duplicate keys caused issues. – 6ft Dan Dec 24 '18 at 09:40
1

I'd also recommend to check that user has proper permission to clone/pull/push in gitlab. I've just spend too much time looking through ssh/https configurations, when the reason for problem was user in gitlab not having enough permissions...

shtolik
  • 111
  • 2
1

In my situation I installed gitlab via FreeBSD packages. Gitlab SSH didn't work. The cause of this was a wrong home directory for git: (vipw)

git:*:211:211::0:0:gitosis user:/usr/local/git:/bin/sh

I changed this to:

git:*:211:211::0:0:gitosis user:/home/git:/bin/sh
gamecreature
  • 111
  • 3
1

This can happen if the host has a '-' in its name. (Even though this is legal according to RFC 952.)

ssh prompts me for a password for any host that happens to have a '-' in its name. This would seem to be purely a problem with ssh configuration file parsing because adding an alias to ~/.ssh/config (and using that alias in my git remote urls) resolved the problem.

In other words try putting something like the following in your C:/Users/{username}/.ssh/config

Host {a}
    User git
    Hostname {a-b.domain}
    IdentityFile C:/Users/{username}/.ssh/id_rsa

and where you have a remote of the form

origin  git@a-b.domain:repo-name.git

remove it and then re-add it using the form

origin  git@a:repo-name.git
Community
  • 1
SensorSmith
  • 113
  • 4
1

If you're using environment variables to pass the key, you should base64 encode them, otherwise they will probably fail with an error asking for your passphrase. This means that the key is corrupted. If you see:

$ ssh-add <(echo "$SSH_PRIVATE_KEY")
Enter passphrase for /dev/fd/63: ERROR: Job failed: exit code 1

Then base64 encode the SSH_PRIVATE_KEY variable. If you are on OS X,

cat ~/.ssh/ssh_key_for_project | base64 | pbcopy

will encode it and copy it to your clipboard. Now then change the .gitlab-ci.yml script line to 

- ssh-add <(echo "$SSH_PRIVATE_KEY" | base64 -d)
Jonathan Wilkins
  • 11
  • 1
0

Running eval $(ssh-agent) fixed my issue.

michalzuber
  • 121
  • 1
  • 5
0

My problem was the private keys file id_rsa created and saved by puttygen has a different format than the one created from a ubuntu machine. After I created a pair keys from ubuntu machine, copy these files back to Windows machine under %UserProfile%.ssh folder, then add the new generated public key to Gitlab. No more Permission Denied for me

Quang Le
  • 1