Permission Denied when using SSH (OD-544)
rhdev opened 4 years ago

Same problem as issue onedev/server#512.

  1. Created a new key using ssh-keygen.
  2. Applied Public key to my account at code.onedev.io.
  3. Attempted to Clone the onedev server repo
  4. Error received
$ git clone ssh://onedevio/onedev/server
Cloning into 'server'...
The authenticity of host '[code.onedev.io]:6611 ([52.35.0.81]:6611)' can't be established.
RSA key fingerprint is SHA256:Gg0OiQ2xJfb8FZ5KP7X697F0UXtaWyPg0IlZJkwTt2o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[code.onedev.io]:6611' (RSA) to the list of known hosts.
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

SSH config file created as follows:

Host onedevio
  HostName code.onedev.io
  Port 6611
  IdentityFile ~/.ssh/onedeviokey
  User rhdev
  • Robin Shen commented 4 years ago

    You are missing the onedev ssh port in the url. Try below instead:

    git clone ssh://code.onedev.io:6611/onedev/server
    
  • rhdev commented 4 years ago

    @robin - you can see in the response back that the correct port has been used as per what was configured in the SSH config file.

  • Robin Shen commented 4 years ago

    I see you are cloning using the command below:

    git clone ssh://onedevio/onedev/server
    

    I can clone with the command below successfully:

    git clone ssh://code.onedev.io:6611/onedev/server
    

    If it is still not working, please let me know the exact command used to generate your SSH keys.

  • rhdev commented 4 years ago
    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/rhdev/.ssh/id_rsa): onedeviokey
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in onedeviokey
    Your public key has been saved in onedeviokey.pub
    The key fingerprint is:
    SHA256:...snip... rhdev@laptop
    The key's randomart image is:
    +---[RSA 3072]----+
    ... snip ...
    +----[SHA256]-----+
    

    SSH config:

    Host code.onedev.io
      HostName code.onedev.io
      Port 6611
      User rhdev
      IdentityFile ~/.ssh/onedeviokey
    
    $ git clone ssh://code.onedev.io:6611/onedev/server
    Cloning into 'server'...
    [email protected]: Permission denied (publickey).
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
    
  • Robin Shen commented 4 years ago

    Not sure why this is happening. I am testing on Mac and it works fine. What is your OS? Does your public key start with ssh_rsa?

  • rhdev commented 4 years ago

    @robin Yep. Started with SSH-RSA. I tried again using verbose output:

    $ git clone --verbose --progress ssh://code.onedev.io:6611/onedev/server -c core.sshCommand="ssh -v"
    Cloning into 'server'...
    OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
    debug1: Reading configuration data /home/rhdev/.ssh/config
    debug1: /home/rhdev/.ssh/config line 66: Applying options for code.onedev.io
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to code.onedev.io [52.35.0.81] port 6611.
    debug1: Connection established.
    debug1: identity file /home/rhdev/.ssh/onedeviokey type 0
    debug1: identity file /home/rhdev/.ssh/onedeviokey-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.8
    debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.7.0
    debug1: compat_banner: no match: APACHE-SSHD-2.7.0
    debug1: Authenticating to code.onedev.io:6611 as 'rhdev'
    debug1: load_hostkeys: fopen /home/rhdev/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: ecdh-sha2-nistp256
    debug1: kex: host key algorithm: rsa-sha2-512
    debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
    debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-rsa SHA256:Gg0OiQ2xJfb8FZ5KP7X697F0UXtaWyPg0IlZJkwTt2o
    debug1: load_hostkeys: fopen /home/rhdev/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: Host '[code.onedev.io]:6611' is known and matches the RSA host key.
    debug1: Found key in /home/rhdev/.ssh/known_hosts:104
    debug1: rekey out after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 4294967296 blocks
    debug1: Will attempt key: /home/rhdev/.ssh/onedeviokey RSA SHA256:...snip... explicit
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/rhdev/.ssh/onedeviokey RSA SHA256:...snip... explicit
    debug1: send_pubkey_test: no mutual signature algorithm
    debug1: No more authentication methods to try.
    [email protected]: Permission denied (publickey).
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
    

    This gave me a clue - I believe it's not supporting RSA? I recreated using ed25519 algo instead:

    $ ssh-keygen -t ed25519 -C "[email protected]"
    

    I can now clone the server repo:

    $ git clone --verbose --progress ssh://codeonedevio2:6611/onedev/server -c core.sshCommand="ssh -v"
    Cloning into 'server'...
    OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
    debug1: Reading configuration data /home/rhdev/.ssh/config
    debug1: /home/rhdev/.ssh/config line 72: Applying options for codeonedevio2
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to code.onedev.io [52.35.0.81] port 6611.
    debug1: Connection established.
    debug1: identity file /home/rhdev/.ssh/onedeviokey2 type 3
    debug1: identity file /home/rhdev/.ssh/onedeviokey2-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.8
    debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.7.0
    debug1: compat_banner: no match: APACHE-SSHD-2.7.0
    debug1: Authenticating to code.onedev.io:6611 as 'rhdev'
    debug1: load_hostkeys: fopen /home/rhdev/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: ecdh-sha2-nistp256
    debug1: kex: host key algorithm: rsa-sha2-512
    debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
    debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-rsa SHA256:Gg0OiQ2xJfb8FZ5KP7X697F0UXtaWyPg0IlZJkwTt2o
    debug1: load_hostkeys: fopen /home/rhdev/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: Host '[code.onedev.io]:6611' is known and matches the RSA host key.
    debug1: Found key in /home/rhdev/.ssh/known_hosts:104
    debug1: rekey out after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 4294967296 blocks
    debug1: Will attempt key: /home/rhdev/.ssh/onedeviokey2 ED25519 SHA256:...snip... explicit
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/rhdev/.ssh/onedeviokey2 ED25519 SHA256:...snip...o explicit
    debug1: Server accepts key: /home/rhdev/.ssh/onedeviokey2 ED25519 SHA256:...snip... explicit
    Authenticated to code.onedev.io ([52.35.0.81]:6611) using "publickey".
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: pledge: filesystem full
    debug1: Sending environment.
    debug1: channel 0: setting env GIT_PROTOCOL = "version=2"
    debug1: Sending command: git-upload-pack '/onedev/server'
    remote: Enumerating objects: 176231, done.
    remote: Counting objects: 100% (9409/9409), done.
    remote: Compressing objects: 100% (5613/5613), done.
    remote: Total 176231 (delta 5047), reused 4226 (delta 2366), pack-reused 166822
    Receiving objects: 100% (176231/176231), 168.28 MiB | 387.00 KiB/s, done.
    Resolving deltas: 100% (107531/107531), done.
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: channel 0: free: client-session, nchannels 1
    Transferred: sent 37568, received 176878916 bytes, in 448.8 seconds
    Bytes per second: sent 83.7, received 394120.7
    debug1: Exit status 0
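
A triage sketch for the two `ssh -v` logs above, added here as an example and not part of the original thread or of OneDev: it extracts the client version, server banner and per-key outcome, and separates a client-side refusal (`no mutual signature algorithm`, logged before the key is sent) from a server-side rejection. The function name `triage` and the verdict strings are assumptions; the sample lines are abridged from the logs in this thread.

```python
import re

# Sample input, constructed by abridging the two `ssh -v` logs in this thread.
FAILING = """\
OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.7.0
debug1: Offering public key: /home/rhdev/.ssh/onedeviokey RSA SHA256:...snip... explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
"""
WORKING = """\
OpenSSH_8.8p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.7.0
debug1: Offering public key: /home/rhdev/.ssh/onedeviokey2 ED25519 SHA256:...snip... explicit
debug1: Server accepts key: /home/rhdev/.ssh/onedeviokey2 ED25519 SHA256:...snip... explicit
"""

CLIENT = re.compile(r"^OpenSSH_(\d+)\.(\d+)")
SERVER = re.compile(r"remote software version (\S+)")
OFFER = re.compile(r"^debug1: Offering public key: (\S+) (\S+) ")
ACCEPT = re.compile(r"^debug1: Server accepts key: (\S+) ")

def triage(log):
    """Summarise an `ssh -v` log: client, server, per-key outcome, verdict."""
    client = server = last = None
    keys = {}  # key path -> {"type": ..., "result": ...}
    for line in map(str.strip, log.splitlines()):
        if m := CLIENT.match(line):
            client = (int(m[1]), int(m[2]))
        elif m := SERVER.search(line):
            server = m[1]
        elif m := OFFER.match(line):
            last = m[1]
            keys[last] = {"type": m[2], "result": "not-accepted"}
        elif m := ACCEPT.match(line):
            keys.setdefault(m[1], {"type": "?"})["result"] = "accepted"
        elif "no mutual signature algorithm" in line and last:
            keys[last]["result"] = "no-mutual-sigalg"  # client never sent this key
    stuck = [k for k in keys.values() if k["result"] == "no-mutual-sigalg"]
    if any(k["result"] == "accepted" for k in keys.values()):
        verdict = "authenticated"
    elif stuck and client and client >= (8, 8) and all(k["type"] == "RSA" for k in stuck):
        # OpenSSH 8.8 disabled ssh-rsa (RSA with SHA-1) signatures by default.
        verdict = "client refused RSA key: no shared signature algorithm"
    elif stuck:
        verdict = "client refused key: no shared signature algorithm"
    else:
        verdict = "server rejected every offered key"
    return {"client": client, "server": server, "keys": keys, "verdict": verdict}
```
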
    
  • Robin Shen commented 4 years ago

    This is odd. Both RSA and ed25519 keys work on my side. What is your OS/version?

  • rhdev commented 4 years ago

    Using Arch Linux.

    Software and versions: lib32-libssh2 1.10.0-1, libssh 0.9.6-1, libssh2 1.10.0-1, openssh 8.8p1-1, git 2.35.0-1

    That link is what drew me to trying ed25519 as a resolution.

  • Robin Shen commented 4 years ago

    Are you able to use your RSA keys to clone via SSH over github?

  • rhdev commented 4 years ago

    Yep, no problems with GitHub.

  • OneDev changed state to 'Closed' 4 years ago
    Previous Value: Open; Current Value: Closed
  • OneDev commented 4 years ago

    State changed as code fixing the issue is committed

  • OneDev changed state to 'Released' 4 years ago
    Previous Value: Closed; Current Value: Released
  • OneDev commented 4 years ago

    State changed as build #2259 is successful

  • shizz commented 4 years ago

    @rhdev, try this command to apply your generated key to git config, and it will work like a charm.

    git config --add --local core.sshCommand 'ssh -i <path_to_your_private_key>'
    
  • Trevor Sullivan commented 3 years ago

    Same problem here with OneDev 8.5.0. I can't use SSH to clone a repository from a local OneDev instance, using my SSH private key. I even tried generating / importing an ed25519 key, and it still fails.

    I really want to use self-hosted OneDev, but if I can't even get SSH working, it's a deal breaker. Thanks for the free software though .... it's pretty cool.

  • Robin Shen commented 3 years ago

    Can you please let me know the detailed reproducing steps? This always works at my side (and on many others using OneDev).

  • Trevor Sullivan commented 3 years ago

    I just set up a new Docker container with OneDev, and it's working fine now. I have no idea what was going on before. It was weird.

Type
Bug
Priority
Normal
Assignee
Affected Versions
Not Found
Issue Votes (0)
Watchers (6)
Reference
OD-544