I have an SSH tunnel set up on my macbook, like this...
$ ssh -o ServerAliveInterval=3 -N -L 22222:gitosis-server:22 user@firewall.domain.com
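So I can ssh to localhost:22222 and end up at the gitosis server behind the firewall.
I created a local id_rsa.pub file, copied it to the gitosis server (running Centos5), and then imported it into gitosis using...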
# sudo -H -u gitosis gitosis-init
It was successful as I can see the public key in /var/lib/gitosis/.ssh/authorized_keys.
Back on my macbook I set up a ~/.ssh/config file with the following...
Host gitosis-server
  Hostname localhost
  HostKeyAlias gitosis-server.domain.com
  Port 22222
So... I think this command should work...
$ git clone gitosis@gitosis-server:gitosis-admin.git
However, it doesn't, because it asks for a password.... when the public key should work.
Initialized empty Git repository in /Users/USER/Development/gitrepo/gitosis-admin/.git/
gitosis@localhost's password:
Any ideas on getting git to work with a gitosis server behind a firewall?
Thanks,
Matt
EDIT - adding debug from the SSH attempt
I ran this command, 'ssh -vvv gitosis@gitosis-server'. I got some debug output, and it doesn't seem to like my identity.
debug2: key: /Users/USER/.ssh/id_rsa.gitosis (0x1019b0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/USER/.ssh/id_rsa.gitosis
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
gitosis@localhost's password:
EDIT 2
OK... it's definitely a bad key. I checked all the keys again and sure enough found that the gitosis-server was holding a bad key in the authorized_keys file.
debug1: userauth-request for user gitosis service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "gitosis"
debug1: PAM: setting PAM_RHOST to "firewall.domain.com"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user gitosis service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporary_use_uid: 102/103 (e=0/0)
debug1: trying public key file /var/lib/gitosis/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporary_use_uid: 102/103 (e=0/0)
debug1: trying public key file /var/lib/gitosis/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for gitosis from FIRE.WALL.IP.ADDRESS port 52453 ssh2
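I took a closer look at the authorized_keys file on the gitosis server.... it is incorrect. I double-checked the public key file I copied from my workstation to /tmp, and it is correct, but it differs from the one in authorized_keys. I deleted the authorized_keys file on the server and re-entered 'sudo -H -u gitosis gitosis-init
I updated it manually by editing authorized_keys and adding the correct key, and then I got it working from my workstation through the tunnel for one or two attempts. Then it stopped working like before. I went back to the authorized_keys file on the gitosis server, and sure enough... gitosis had reverted it to the old invalid key.
Why is it doing this... reverting to a bad public key.... even when I tried adding it with the command above... but it failed to change it.... then I changed it manually.... which worked, but git then went back to the bad one.
It's like gitosis keeps remembering the first key I put in there... and won't let me change it to the corrected key.
Frustrating...
Matt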
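
A check for the mismatch described in EDIT 2, as an added example that is not part of the original post: it parses a public key line and an authorized_keys file, including entries that begin with an options field, and reports which lines hold the same key as the one the client offers. The sample blobs, the options string and every function name here are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
# A field is a run of non-space characters; double-quoted option values
# (command="a b") may contain spaces and stay inside one field.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|\S)+')

def parse_key(line):
    """Return (key type, decoded blob) from a .pub or authorized_keys line, else None."""
    fields = FIELD.findall(line)
    for i, name in enumerate(fields[:2]):  # key type is field 0, or field 1 after options
        if name.startswith(KEY_TYPES) and i + 1 < len(fields):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None  # damaged or truncated base64
            n = int.from_bytes(blob[:4], "big")
            # The blob repeats the key type; a mismatch means a mangled entry.
            return (name, blob) if blob[4:4 + n] == name.encode() else None
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form current OpenSSH ssh-keygen -l prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def matching_lines(pub_line, authorized_keys_text):
    """1-based authorized_keys line numbers holding the same key as pub_line."""
    offered = parse_key(pub_line)
    if offered is None:
        raise ValueError("not a public key line")
    return [no for no, line in enumerate(authorized_keys_text.splitlines(), 1)
            if (parse_key(line) or (None, None))[1] == offered[1]]

def sample_blob(seed):
    """Constructed stand-in blob: valid wire framing, not a usable RSA key."""
    body = hashlib.sha256(seed).digest()
    raw = struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", len(body)) + body
    return base64.b64encode(raw).decode()

# Constructed sample data: the workstation key, a server file still holding an
# old key, and the same file after the correct key is in place.
OPTS = 'command="gitosis-serve matt@macbook",no-port-forwarding,no-pty '
LOCAL_PUB = "ssh-rsa " + sample_blob(b"current") + " matt@macbook"
STALE_FILE = "# constructed sample\n" + OPTS + "ssh-rsa " + sample_blob(b"old") + " matt@macbook\n"
FIXED_FILE = "# constructed sample\n" + OPTS + "ssh-rsa " + sample_blob(b"current") + " matt@macbook\n"
```

An empty result from `matching_lines` corresponds to the server-side "Failed publickey" outcome in the log above; printing `fingerprint()` for each parsed entry shows which key the file actually holds.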