Connecting to gitosis server through an SSH tunnel
Question
I've got an SSH tunnel setup on my macbook, like this...
$ ssh -o ServerAliveInterval=3 -N -L 22222:gitosis-server:22 user@firewall.domain.com
So I can ssh to localhost:22222 and will end up on the gitosis-server behind the firewall.
I've created a local id_rsa.pub file, copied it into the gitosis server(running Centos5), and imported it into gitosis using...
# sudo -H -u gitosis gitosis-init
It was successful as I can see the public key in /var/lib/gitosis/.ssh/authorized_keys.
Back on my macbook I setup a ~/.ssh/config file with the following...
Host gitosis-server
Hostname localhost
HostKeyAlias gitosis-server.domain.com
Port 22222
So...I'm thinking this command should work...
$ git clone gitosis@gitosis-server:gitosis-admin.git
It does not however as it comes up asking for a password....when the public keys should be working.
Initialized empty Git repository in /Users/USER/Development/gitrepo/gitosis-admin/.git/
gitosis@localhost's password:
Any ideas on getting git working through to a gitosis server behind a firewall?
Thanks,
Matt
EDIT - Adding Debug From SSH Attempt
I ran this command, 'ssh -vvv gitosis@gitosis-server'. I got some debug output, and it doesn't seem to like my identity.
debug2: key: /Users/USER/.ssh/id_rsa.gitosis (0x1019b0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/USER/.ssh/id_rsa.gitosis
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
gitosis@localhost's password:
EDIT 2
OK...Definitely a bad key. I double checked all my keys again and of course found the gitosis-server was holding a bad key in the authorized_keys file.
debug1: userauth-request for user gitosis service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "gitosis"
debug1: PAM: setting PAM_RHOST to "firewall.domain.com"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user gitosis service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 102/103 (e=0/0)
debug1: trying public key file /var/lib/gitosis/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 102/103 (e=0/0)
debug1: trying public key file /var/lib/gitosis/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for gitosis from FIRE.WALL.IP.ADDRESS port 52453 ssh2
I took a closer look at the authorized_keys file on the gitosis server....and it was incorrect. I double checked the public key file I had copied into /tmp from my workstation and it was the correct one, but different from what was in authorized_keys. I deleted the authorized_keys file on the server and reran the 'sudo -H -u gitosis gitosis-init < /tmp/id_rsa.gitosis.pub'. Checked the authorized_keys file again.....and it was still wrong.
I manually updated it by editing authorized_keys and adding the correct key, and then I got it to work from my workstation through the tunnel for one or two attempts. Then it stopped working like before. I went back to the authorized_keys file on the gitosis server, and sure enough...gitosis had reverted it to the old key that doesn't work.
Why is it doing this....reverting back to a bad public key....even after I tried adding it with the above command...which failed to change it....then changed it manually....which worked but git then reverted back to the bad one again.
It's like gitosis keeps remembering the first key I put in there....and won't let me change it to the correct key.
Frustrating...
Matt
Recommended answer
Followup:
I'm not sure why gitosis insisted on reusing a bad public key. Trying to force it to take the correct key did not work.
So today I just removed and reinstalled the gitosis package on my CentOS5 box.
On my Mac, I SSH tunnel localhost:22222 through the firewall to gitosis-server:22.
$ ssh -o ServerAliveInterval=3 -N -L 22222:gitosis-server:22 user@firewall.domain.com
On my Mac, I created ~/.ssh/config that looks like this...
Host gitosis-server
Hostname localhost
IdentityFile ~/.ssh/id_rsa.gitosis
HostKeyAlias gitosis-server.domain.com
Port 22222
Then...following the instructions on this site...
http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way
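The mismatch found in EDIT 2 of the question (the public key on the workstation differing from what the server's authorized_keys holds) can be checked mechanically instead of by eye. The script below is an added example, not part of the original post or of gitosis; the function names and the sample file contents are assumptions constructed for illustration, and the comparison ignores any options prefix and trailing comment on the authorized_keys line.

```shell
#!/bin/sh
# Added example: does the key in a .pub file appear in an authorized_keys file?
# Only the "type blob" pair is compared, so the comment field and any leading
# options (command="...", no-pty, ...) on the authorized_keys line are ignored.

# Print "type blob" for every key line in file $1.
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    print $i, $(i + 1)     # key type, base64 blob
                    next
                }
        }' "$1"
}

# Exit 0 if the first key in pubfile $1 is listed in authorized_keys $2,
# 1 if it is not, 2 if $1 contains no recognisable key.
key_is_authorized() {
    want=$(key_blobs "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_blobs "$2" | grep -Fxq -- "$want"
}

# Constructed sample files (blobs are fake placeholders, not real keys).
make_samples() {
    printf '%s\n' 'ssh-rsa AAAAB3NzaSAMPLEgood matt@macbook' > "$1/id_rsa.gitosis.pub"
    printf '%s\n' '# managed file' \
        'command="serve matt",no-pty ssh-rsa AAAAB3NzaSAMPLEgood matt@macbook' > "$1/ak_good"
    printf '%s\n' 'command="serve matt",no-pty ssh-rsa AAAAB3NzaSAMPLEstale old@host' > "$1/ak_stale"
}

demo() {
    d=$(mktemp -d) && make_samples "$d"
    for f in ak_good ak_stale; do
        if key_is_authorized "$d/id_rsa.gitosis.pub" "$d/$f"
        then echo "$f: key present"
        else echo "$f: key MISSING (server would reject publickey)"
        fi
    done
    rm -rf "$d"
}
demo
```

On the server from the question, the two arguments would be /tmp/id_rsa.gitosis.pub and /var/lib/gitosis/.ssh/authorized_keys; a non-zero result corresponds to the "Failed publickey" line in the sshd debug output.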