Gitlab CE Doesn't Add a Public Key to authorized_keys
You may want to configure Fast lookup of authorized SSH keys in the database.
This should solve the problem you're facing, and it won't require a manual rebuild of the authorized_keys file whenever someone adds or removes an SSH/deploy key in GitLab.
Edit: This bug was introduced with GitLab 12.9. It was confirmed and it should be resolved with 12.9.1 patch release, which is expected to be released soon.
Getting permission denied (public key) on gitlab
I found this after searching a lot. It will work perfectly fine for me.
- Go to "Git Bash" just like cmd. Right click and "Run as Administrator".
- Type ssh-keygen
- Press enter.
- It will ask you to save the key to the specific directory.
- Press enter. It will prompt you to type password or enter without password.
- The public key will be created to the specific directory.
- Now go to the directory and open .ssh folder.
- You'll see a file id_rsa.pub. Open it on notepad. Copy all text from it.
- Go to https://gitlab.com/-/profile/keys or
- Paste here in the "key" textfield.
- Now click on the "Title" below. It will automatically get filled.
- Then click "Add key".
Now give it a shot and it will work for sure.
Where to store the ssh public key for connecting GitLab to Bitbucket?
The home directory for the git user in an Omnibus install is by default /var/opt/gitlab. You can either check your gitlab.rb config file for the key user['home'] and see if you have modified it, or do a cat /etc/passwd and find the home directory for the user git there.
Default value of user['home'] (remember the # means it is commented out):
# user['home'] = "/var/opt/gitlab"
Output of cat /etc/passwd | grep git:
git:x:1000:1000:git,,,:/var/opt/gitlab:/bin/sh
Once you have found out where the home directory for the user git is, you can put bitbucket_rsa.pub in the folder .ssh. If it doesn't exist you can create that folder.
Can't open ssh/authorized_keys of user
Sounds like you're almost there! I'm not sure exactly what you have and haven't done though, so I'll explain the whole process.
First, I'm guessing (because you're using puTTY) that your computer runs Windows? If so, first you'll need to install Git for Windows, which you can download from the official Git website. Download it and install it, accepting the default choices in the installer.
That will leave you with an item in your Start menu called Git Bash. You'll use this to perform what comes next. (You don't actually need Git itself installed, but the Git for Windows installer adds some additional tools like ssh-keygen that you will need.)
If your computer is actually running Linux or Mac OS X rather than Windows then you already have the tools you need. You can follow the same instructions, but instead of using Git Bash to enter commands, use a terminal window.
From now on, I'll just refer to typing things "in the terminal". If you're using Windows, type these things in the Git Bash window.
Step 1: On your own computer, check for an SSH key pair
In the terminal, type:
ls ~/.ssh/id_rsa*
This should list two files: id_rsa and id_rsa.pub. If they exist, move on to step 2. If not, type:
ssh-keygen
then follow the prompts to create them. Then run the ls command again to confirm that they're now there.
Step 2: Upload your public SSH key to the server
The public key is the one called id_rsa.pub. You can upload it to the server using the scp command:
scp ~/.ssh/id_rsa.pub git@my-server.com:
Enter the git user's password when prompted.
Step 3: add your key to the git user's authorized_keys file
First SSH in to the server as the git user:
ssh git@my-server.com
Enter the git user's password again. Once you're logged in as the git user, type the following:
mkdir -p ~/.ssh/
This will create the .ssh directory if it doesn't already exist. If it does exist, it doesn't do anything.
Now add your key to the authorized_keys file:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
That will take the contents of id_rsa.pub, the file that you just uploaded, and add them to the end of the authorized_keys file. If authorized_keys doesn't exist, this command will create it first.
(Note: Be really careful to type two right angled brackets (>>) in that command line. Two right angled brackets means append the contents of id_rsa.pub to the authorized_keys file. If you only use one that means replace the contents of authorized_keys with the contents of id_rsa.pub, and you don't want to do that.)
You can check this has worked by running cat on each file and making sure that you can see the contents of id_rsa.pub at the end of authorized_keys:
cat ~/id_rsa.pub
cat ~/.ssh/authorized_keys
Once you've confirmed that, delete id_rsa.pub; you won't need it again.
rm ~/id_rsa.pub
Finally, set permissions on the .ssh directory and .ssh/authorized_keys so that only the owner of those files (the git user) can access them. Otherwise, the SSH server will refuse to use them. So:
chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys
That makes the directory usable only by the git user, and the file inside it only accessible to the git user.
You should find that you're now good to go!
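Step 3 of the answer above, written as an added Python example that is not part of the original post: it appends a key only once, copes with an authorized_keys file that lacks a trailing newline or is already mode 400, and then reports paths that sshd's StrictModes check would reject (group/other-writable, or not owned by the user or root). The function names and the sample key are constructed for illustration.

```python
import os
import stat
import tempfile

def install_key(home, pubkey_line):
    """Append one public key to <home>/.ssh/authorized_keys exactly once.

    Returns True if the key was added, False if it was already present.
    """
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                      # same as: chmod 700 ~/.ssh
    path = os.path.join(ssh_dir, "authorized_keys")
    key = pubkey_line.strip()
    content = ""
    if os.path.exists(path):
        os.chmod(path, 0o600)                     # a 400 file must be made writable first
        with open(path) as fh:
            content = fh.read()
    added = key not in (line.strip() for line in content.splitlines())
    if added:
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, "a") as fh:
            if content and not content.endswith("\n"):
                fh.write("\n")                    # avoid gluing onto the previous key
            fh.write(key + "\n")
    os.chmod(path, 0o400)                         # same as: chmod 400 ~/.ssh/authorized_keys
    return added

def strictmodes_problems(home):
    """List (path, reason) pairs that would make sshd's StrictModes check fail."""
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        st = os.stat(path)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group or others"))
        if st.st_uid not in (0, os.getuid()):
            problems.append((path, "not owned by this user or root"))
    return problems

if __name__ == "__main__":
    home = tempfile.mkdtemp()                     # stand-in for the git user's home
    key = "ssh-ed25519 AAAAC3placeholderConstructedKeyOnly user@laptop"  # constructed
    print(install_key(home, key), install_key(home, key))   # True False
    print(strictmodes_problems(home))                        # []
```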
GitLab: SSH access with key without granting access to whole webserver
If GitLab users upload ssh keys in their profiles, the keys WILL show up in authorized_keys, BUT, they should include the following before the key:
command="/path-to-shell/gitlab-shell/bin/gitlab-shell key-id",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
This limits users with that key to ONLY having access to that one command, and the other params are intended to ensure they cannot get to a terminal, or proxy through your server.
source: http://man.he.net/man5/authorized_keys (search for 'command=')
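A way to check an authorized_keys file for entries that lack the restrictions quoted above, as an added Python example that is not from the original answer or from GitLab. It parses the options field (honouring commas and spaces inside double quotes) and flags any key without a gitlab-shell forced command or without one of the four no-* options; the sample entries, key material and the /bin/gitlab-shell suffix test are assumptions made for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
REQUIRED_FLAGS = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")

def split_unquoted(text, seps):
    """Split text at characters in seps that sit outside double quotes."""
    parts, in_quote, prev = [""], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch in seps and not in_quote:
            parts.append("")
        else:
            parts[-1] += ch
        prev = ch
    return parts

def entry_options(line):
    """Return {option_name: value or True} for one authorized_keys entry."""
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):
        return {}                      # line starts with the key type: no options
    options = split_unquoted(line, " \t")[0]
    items = (i.partition("=") for i in split_unquoted(options, ",") if i)
    return {n.lower(): (v.strip('"') if v else True) for n, _, v in items}

def audit(text):
    """Return [(line_number, [problems])] for entries that are not locked down."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = entry_options(line)
        cmd = opts.get("command")
        problems = []
        if not isinstance(cmd, str) or not cmd.split():
            problems.append("no forced command")
        elif not cmd.split()[0].endswith("/bin/gitlab-shell"):
            problems.append("forced command is not gitlab-shell")
        problems += ["missing " + f for f in REQUIRED_FLAGS if f not in opts]
        if problems:
            findings.append((number, problems))
    return findings

SAMPLE = """\
# constructed sample: key material and key ids are placeholders
command="/path-to-shell/gitlab-shell/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3placeholder1 alice
ssh-rsa AAAAB3placeholder2 bob
command="/usr/local/bin/backup.sh",no-pty ssh-ed25519 AAAAC3placeholder3 carol
"""
```

Calling audit(SAMPLE) reports lines 3 and 4: the first has no options at all, the second forces a command other than gitlab-shell and still allows forwarding.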
Adding SSH Key to authorized_keys: permission denied(publickey)
You need to copy the content of id_rsa.pub to the Bitbucket account; it's in the settings page.
For more info https://confluence.atlassian.com/display/BITBUCKET/How+to+install+a+public+key+on+your+Bitbucket+account
GitLab CI: SSH fail, unable to authenticate private key
I'm not sure about sshpass, since I usually use public/private keys. Here's an example of a job I would set up to run SCP/SSH commands on remote servers:
deploy:
  stage: deploy
  variables:
    # name must match the $HOSTNAME used below (variable names are case-sensitive)
    HOSTNAME: app-dev
  before_script:
    # optional step if you decide to use a hostname instead of IP address
    - cp -f ./network/etc/hosts /etc/hosts
    # Setup SSH
    - which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is a File variable, so it expands to the path of the key file
    - ssh-add <(cat $SSH_PRIVATE_KEY)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $HOSTNAME >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    # Copy files and execute commands
    - scp ./scripts/install_package.sh root@$HOSTNAME:/tmp/deploy
    - ssh root@$HOSTNAME "/tmp/deploy/install_package.sh && exit"
Before running the pipeline, you need to do the following:
- Generate ssh key pairs using ssh-keygen. Don't use a passphrase. Public key ends in .pub, private key has no extension.
- SSH onto remote server, copy contents of public key into ~/.ssh/authorized_keys
- Copy contents of your private key into a GitLab File environment variable called SSH_PRIVATE_KEY
- If you use a $HOSTNAME environment variable, define the variable in your pipeline and add the IP/hostname to the /etc/hosts file in your pipeline container. Otherwise, just use an IP address instead.