From 2d93984693038b0ff6b76e0d47c9e5e483d53dd4 Mon Sep 17 00:00:00 2001
From: heibai2006
Date: Wed, 15 Feb 2023 19:19:22 +0000
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20'git=E9=80=9A=E8=BF=87ssh?= =?UTF-8?q?=E8=BF=9C=E7=A8=8B=E9=83=A8=E7=BD=B2=E6=9D=83=E9=99=90=E9=97=AE?= =?UTF-8?q?=E9=A2=98'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...%B2%E6%9D%83%E9%99%90%E9%97%AE%E9%A2%98.md | 129 ++++++++++++++++++
 1 file changed, 129 insertions(+)
 create mode 100644 git%E9%80%9A%E8%BF%87ssh%E8%BF%9C%E7%A8%8B%E9%83%A8%E7%BD%B2%E6%9D%83%E9%99%90%E9%97%AE%E9%A2%98.md

diff --git a/git%E9%80%9A%E8%BF%87ssh%E8%BF%9C%E7%A8%8B%E9%83%A8%E7%BD%B2%E6%9D%83%E9%99%90%E9%97%AE%E9%A2%98.md b/git%E9%80%9A%E8%BF%87ssh%E8%BF%9C%E7%A8%8B%E9%83%A8%E7%BD%B2%E6%9D%83%E9%99%90%E9%97%AE%E9%A2%98.md
new file mode 100644
index 0000000..4313149
--- /dev/null
+++ b/git%E9%80%9A%E8%BF%87ssh%E8%BF%9C%E7%A8%8B%E9%83%A8%E7%BD%B2%E6%9D%83%E9%99%90%E9%97%AE%E9%A2%98.md
@@ -0,0 +1,129 @@
+# 具体日志
+```
+ssh -T git@home.des8.com -p 8022 -vvv
+OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
+debug1: Reading configuration data /root/.ssh/config
+debug1: /root/.ssh/config line 1: Applying options for home.des8.com
+debug1: Reading configuration data /etc/ssh/ssh_config
+debug1: /etc/ssh/ssh_config line 58: Applying options for *
+debug2: resolving "home.des8.com" port 8022
+debug2: ssh_connect_direct: needpriv 0
+debug1: Connecting to home.des8.com [27.218.222.100] port 8022.
+debug1: Connection established.
+debug1: permanently_set_uid: 0/0
+debug1: identity file /root/.ssh/id_ed25519 type 4
+debug1: key_load_public: No such file or directory
+debug1: identity file /root/.ssh/id_ed25519-cert type -1
+debug1: Enabling compatibility mode for protocol 2.0
+debug1: Local version string SSH-2.0-OpenSSH_7.4
+debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
+debug1: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
+debug2: fd 3 setting O_NONBLOCK
+debug1: Authenticating to home.des8.com:8022 as 'git'
+debug3: put_host_port: [home.des8.com]:8022
+debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
+debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
+debug3: load_hostkeys: loaded 1 keys from [home.des8.com]:8022
+debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
+debug3: send packet: type 20
+debug1: SSH2_MSG_KEXINIT sent
+debug3: receive packet: type 20
+debug1: SSH2_MSG_KEXINIT received
+debug2: local client KEXINIT proposal
+debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
+debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
+debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
+debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
+debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
+debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
+debug2: compression ctos: none,zlib@openssh.com,zlib
+debug2: compression stoc: none,zlib@openssh.com,zlib
+debug2: languages ctos:
+debug2: languages stoc:
+debug2: first_kex_follows 0
+debug2: reserved 0
+debug2: peer server KEXINIT proposal
+debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
+debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256
+debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
+debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
+debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
+debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
+debug2: compression ctos: none,zlib@openssh.com
+debug2: compression stoc: none,zlib@openssh.com
+debug2: languages ctos:
+debug2: languages stoc:
+debug2: first_kex_follows 0
+debug2: reserved 0
+debug1: kex: algorithm: curve25519-sha256
+debug1: kex: host key algorithm: ecdsa-sha2-nistp256
+debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
+debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
+debug1: kex: curve25519-sha256 need=64 dh_need=64
+debug1: kex: curve25519-sha256 need=64 dh_need=64
+debug3: send packet: type 30
+debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
+debug3: receive packet: type 31
+debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bOJUYtHFt3ukwAyhdffG3Xmc2YWnPEqKrdDnfiBpe/4
+debug3: put_host_port: [27.218.222.100]:8022
+debug3: put_host_port: [home.des8.com]:8022
+debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
+debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
+debug3: load_hostkeys: loaded 1 keys from [home.des8.com]:8022
+debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
+debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
+debug3: load_hostkeys: loaded 1 keys from [27.218.222.100]:8022
+debug1: Host '[home.des8.com]:8022' is known and matches the ECDSA host key.
+debug1: Found key in /root/.ssh/known_hosts:1
+debug3: send packet: type 21
+debug2: set_newkeys: mode 1
+debug1: rekey after 134217728 blocks
+debug1: SSH2_MSG_NEWKEYS sent
+debug1: expecting SSH2_MSG_NEWKEYS
+debug3: receive packet: type 21
+debug1: SSH2_MSG_NEWKEYS received
+debug2: set_newkeys: mode 0
+debug1: rekey after 134217728 blocks
+debug2: key: /root/.ssh/id_ed25519 (0x560dc4d08100), explicit, agent
+debug3: send packet: type 5
+debug3: receive packet: type 7
+debug1: SSH2_MSG_EXT_INFO received
+debug1: kex_input_ext_info: server-sig-algs=
+debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
+debug3: receive packet: type 6
+debug2: service_accept: ssh-userauth
+debug1: SSH2_MSG_SERVICE_ACCEPT received
+debug3: send packet: type 50
+debug3: receive packet: type 51
+debug1: Authentications that can continue: publickey
+debug3: start over, passed a different list publickey
+debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
+debug3: authmethod_lookup publickey
+debug3: remaining preferred: keyboard-interactive,password
+debug3: authmethod_is_enabled publickey
+debug1: Next authentication method: publickey
+debug1: Offering ED25519 public key: /root/.ssh/id_ed25519
+debug3: send_pubkey_test
+debug3: send packet: type 50
+debug2: we sent a publickey packet, wait for reply
+debug3: receive packet: type 51
+debug1: Authentications that can continue: publickey
+debug2: we did not send a packet, disable method
+debug1: No more authentication methods to try.
+Permission denied (publickey).
+
+```
+# 主要错误表现
+
+1. Authentications that can continue: publickey
+2. Permission denied (publickey)
+
+# 原因
+原因是docker部署的gitea里的.ssh目录权限有问题
+
+# 修复
+在gitea里执行
+```
+chmod 0700 /data/git/.ssh/
+chmod 0600 /data/git/.ssh/authorized_keys
+```
\ No newline at end of file