Gitlab Ce Doesn't Add a Public Key to Authorized_Keys

Gitlab CE Doesn't Add a Public Key to authorized_keys

You may want to configure Fast lookup of authorized SSH keys in the database.

This should solve the problem you're facing and it won't require manual rebuild of authorized_keys file whenever someone adds or removes SSH/deploy key in GitLab.

Edit: This bug was introduced with GitLab 12.9. It was confirmed and it should be resolved with 12.9.1 patch release, which is expected to be released soon.

Getting permission denied (public key) on gitlab

I found this after searching a lot. It will work perfectly fine for me.

  1. Go to "Git Bash" just like cmd. Right click and "Run as Administrator".
  2. Type ssh-keygen
  3. Press enter.
  4. It will ask you to save the key to the specific directory.
  5. Press enter. It will prompt you to type password or enter without password.
  6. The public key will be created to the specific directory.
  7. Now go to the directory and open .ssh folder.
  8. You'll see a file id_rsa.pub. Open it on notepad. Copy all text from it.
  9. Go to https://gitlab.com/-/profile/keys or
  10. Paste here in the "key" textfield.
  11. Now click on the "Title" below. It will automatically get filled.
  12. Then click "Add key".

Now give it a shot and it will work for sure.

Where to store the ssh public key for connecting GitLab to Bitbucket?

The home directory for the git User in an Omnibus install is by default /var/opt/gitlab. You can either check your gitlab.rb config file for the key user['home'] and see if you have modified it or do a cat /etc/passwd and find the home directory for the user git there.

Default value user['home'] (remember the # means it is commented out):

# user['home'] = "/var/opt/gitlab"

Output of cat /etc/passwd | grep git:

git:x:1000:1000:git,,,:/var/opt/gitlab:/bin/sh

Once you have found out where the home directory for the user git is, you can put bitbucket_rsa.pub in the folder .ssh. If it doesn't exist you can create that folder.

Can't open ssh/authorized_keys of user

Sounds like you're almost there! I'm not sure exactly what you have and haven't done though, so I'll explain the whole process.

First, I'm guessing (because you're using PuTTY) that your computer runs Windows? If so, first you'll need to install Git for Windows, which you can download from the official Git website. Download it and install it, accepting the default choices in the installer.

That will leave you with an item in your Start menu called Git Bash. You'll use this to perform what comes next. (You don't actually need Git itself installed, but the Git for Windows installer adds some additional tools like ssh-keygen that you will need.)

If your computer is actually running Linux or Mac OS X rather than Windows then you already have the tools you need. You can follow the same instructions, but instead of using Git Bash to enter commands, use a terminal window.

From now on, I'll just refer to typing things "in the terminal". If you're using Windows, type these things in the Git Bash window.

Step 1: On your own computer, check for an SSH key pair

In the terminal, type:

ls ~/.ssh/id_rsa*

This should list two files: id_rsa and id_rsa.pub. If they exist, move on to step 2. If not, type:

ssh-keygen

then follow the prompts to create them. Then run the ls command again to confirm that they're now there.

Step 2: Upload your public SSH key to the server

The public key is the one called id_rsa.pub. You can upload it to the server using the scp command:

scp ~/.ssh/id_rsa.pub git@my-server.com:

Enter the git user's password when prompted.

Step 3: add your key to the git user's authorized_keys file

First SSH in to the server as the git user:

ssh git@my-server.com

Enter the git user's password again. Once you're logged in as the git user, type the following:

mkdir -p ~/.ssh/

This will create the .ssh directory if it doesn't already exist. If it does exist, it doesn't do anything.

Now add your key to the authorized_keys file:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

That will take the contents of id_rsa.pub, the file that you just uploaded, and add them to the end of the authorized_keys file. If authorized_keys doesn't exist, this command will create it first.

(Note: Be really careful to type two right angled brackets (>>) in that command line. Two right angled brackets means append the contents of id_rsa.pub to the authorized_keys file. If you only use one that means replace the contents of authorized_keys with the contents of id_rsa.pub, and you don't want to do that.)

You can check this has worked by running cat on each file and making sure that you can see the contents of id_rsa.pub at the end of authorized_keys:

cat ~/id_rsa.pub
cat ~/.ssh/authorized_keys

Once you've confirmed that, delete id_rsa.pub; you won't need it again.

rm ~/id_rsa.pub

Finally, set permissions on the .ssh directory and .ssh/authorized_keys so that only the owner of those files (the git user) can access them. Otherwise, the SSH server will refuse to use them. So:

chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys

That makes the directory usable only by the git user, and the file inside it only accessible to the git user.

You should find that you're now good to go!
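When key login still fails after these steps, the usual cause is ownership or write bits on the path to the key file: with StrictModes on, sshd ignores authorized_keys if it, ~/.ssh or the home directory is writable by group or others, or owned by another non-root user. The check below is an added example, not part of the original answer; strictmodes_problems and make_home are hypothetical names, and the home directories it inspects are constructed in a temporary location.

```python
import os
import stat
import tempfile

CHECKED = ("", ".ssh", os.path.join(".ssh", "authorized_keys"))


def strictmodes_problems(home, uid=None):
    """List (path, reason) pairs that would make sshd ignore authorized_keys.

    With StrictModes on, the home directory, ~/.ssh and the key file must be
    owned by the user or root and must not be group- or world-writable.
    """
    uid = os.getuid() if uid is None else uid
    problems = []
    for rel in CHECKED:
        path = os.path.join(home, rel)
        label = "~/" + rel if rel else "~"
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append((label, "missing"))
            continue
        if st.st_uid not in (0, uid):
            problems.append((label, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((label, "writable by group/other (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


def make_home(ssh_mode, key_mode):
    """Build a throwaway home directory (constructed test data)."""
    home = tempfile.mkdtemp()
    os.chmod(home, 0o755)
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    key_file = os.path.join(ssh_dir, "authorized_keys")
    with open(key_file, "w") as fh:
        fh.write("ssh-rsa AAAAPLACEHOLDER constructed\n")
    os.chmod(key_file, key_mode)
    os.chmod(ssh_dir, ssh_mode)
    return home


if __name__ == "__main__":
    print(strictmodes_problems(make_home(0o700, 0o400)))  # modes from the steps above
    print(strictmodes_problems(make_home(0o775, 0o664)))  # group-writable tree
```

On a real server, call strictmodes_problems with the git user's home directory and uid while running as root or as that user.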

GitLab: SSH access with key without granting access to whole webserver

If GitLab users upload ssh keys in their profiles, the keys WILL show up in authorized_keys, BUT, they should include the following before the key:
command="/path-to-shell/gitlab-shell/bin/gitlab-shell key-id",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

This limits users with that key to ONLY having access to that one command, and the other params are intended to ensure they cannot get to a terminal, or proxy through your server.

source: http://man.he.net/man5/authorized_keys (search for 'command=')
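An audit of the restriction described above, as an added example that is not part of the original answer: it parses each authorized_keys entry, including the quoted command= value, and reports keys that lack the forced command or any of the four no-* options. The function name audit and the sample entries are constructed for illustration; the restrict option it also accepts is OpenSSH's shorthand for all restrictions and is not mentioned on this page.

```python
import re

# Restrictions the page's GitLab-written entries carry (names are case-insensitive).
REQUIRED = {"no-port-forwarding", "no-x11-forwarding",
            "no-agent-forwarding", "no-pty"}
NAME = r'[\w-]+'
VALUE = r'(?:=(?:"(?:\\.|[^"\\])*"|[^,\s"]*))?'  # quoted values may hold commas/spaces
FIELD = re.compile(rf'^({NAME}{VALUE}(?:,{NAME}{VALUE})*)\s+\S')
OPTION = re.compile(rf'({NAME}){VALUE}')
KEY_TYPE = re.compile(r'^(ssh-|ecdsa-sha2-|sk-)\S+$')

GS = 'command="/path-to-shell/gitlab-shell/bin/gitlab-shell key-%d"'
SAMPLE = "\n".join([
    "# constructed entries; AAAAPLACEHOLDER stands in for key material",
    GS % 1 + ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
             " ssh-rsa AAAAPLACEHOLDER alice",
    GS % 2 + ",no-port-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER bob",
    "ssh-rsa AAAAPLACEHOLDER pasted-by-hand",
    GS % 4 + ",restrict ssh-ed25519 AAAAPLACEHOLDER carol",
])


def audit(text):
    """Return (line_no, problem) for entries that allow more than the forced command."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = set()
        if not KEY_TYPE.match(line.split()[0]):   # entry starts with an options field
            m = FIELD.match(line)
            if not m:
                findings.append((n, "unparseable entry"))
                continue
            opts = {name.lower() for name in OPTION.findall(m.group(1))}
        if "command" not in opts:
            findings.append((n, "no forced command"))
        # "restrict" (OpenSSH 7.2+) turns on every restriction at once.
        missing = set() if "restrict" in opts else REQUIRED - opts
        if missing:
            findings.append((n, "missing " + ",".join(sorted(missing))))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An entry with no options at all, such as a key appended by hand to the git user's file, is reported twice: once for the missing forced command and once for the missing restrictions.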

Adding SSH Key to authorized_keys: permission denied(publickey)

You need to copy the content of id_rsa.pub to the Bitbucket account; it's in the settings page.

For more info https://confluence.atlassian.com/display/BITBUCKET/How+to+install+a+public+key+on+your+Bitbucket+account

GitLab CI: SSH fail, unable to authenticate private key

I'm not sure about sshpass, since I usually use public/private keys. Here's an example of a job I would set up to run SCP/SSH commands on remote servers:

deploy:
  stage: deploy
  variables:
    # variable names are case-sensitive; this defines the $HOSTNAME used below
    HOSTNAME: app-dev
  before_script:
    # optional step if you decide to use a hostname instead of IP address
    - cp -f ./network/etc/hosts /etc/hosts
    # Setup SSH
    - which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
    - eval $(ssh-agent -s)
    - ssh-add <(cat $SSH_PRIVATE_KEY)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $HOSTNAME >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    # Copy files and execute commands
    - scp ./scripts/install_package.sh root@$HOSTNAME:/tmp/deploy
    - ssh root@$HOSTNAME "/tmp/deploy/install_package.sh && exit"

Before running the pipeline, you need to do the following:

  1. Generate SSH key pairs using ssh-keygen. Don't use a passphrase. Public key ends in .pub, private key has no extension.
  2. SSH onto remote server, copy contents of public key into ~/.ssh/authorized_keys
  3. Copy contents of your private key into a GitLab File environment variable called SSH_PRIVATE_KEY
  4. If you use a $HOSTNAME environment variable, define the variable in your pipeline and add the IP/hostname to the /etc/hosts file in your pipeline container. Otherwise, just use an IP address instead.

