767 Star 1.3K Fork 355

开源中国 / Gitee Feedback

 / 详情

Permission denied (publickey).

Accepted
Task
Opened this issue  
2021-02-03 12:50

之前是可以 git pull 和 git push 的,大约从上周开始就会报 Permission denied (publickey).
配置了新的密钥,还是出现同样的问题。
把密钥换到另一台电脑上测试是没有问题的。

  • git 仓库地址:git@gitee.com:dybai/e49-utils.git
  • 好使的电脑 git 版本:2.17.1
  • 有问题的电脑 git 版本:2.29.3
    测试命令:
$ ssh -i ~/.ssh/id_rsa_gitee -T git@gitee.com
git@gitee.com: Permission denied (publickey).

Comments (10)

dybai created测试任务
dybai set related repository to 开源中国/Gitee Feedback
Expand operation logs
Roger added
 
需要更多信息
label
Roger added 反馈已预处理(deleted) label

操作系统版本是:Fedora release 33 (Thirty Three)
内核版本是:5.10.7-200.fc33.x86_64

操作系统版本是:Fedora release 33 (Thirty Three)
内核版本是:5.10.7-200.fc33.x86_64

@dybai 你的公钥是否有问题?你将你这个公钥上传给另一台电脑,看看这台电脑能否无密登录上?

@dybai 你的公钥是否有问题?你将你这个公钥上传给另一台电脑,看看这台电脑能否无密登录上?

@liwen 换另一台电脑测试是可以的,主题里已经写明了两台电脑的 git 版本。

@liwen 换另一台电脑测试是可以的,主题里已经写明了两台电脑的 git 版本。

@dybai 我没有表述清楚:

  1. A 电脑的公钥上传到 Gitee,依然出现 Permission denied 问题;
  2. B 电脑的公钥上传到 Gitee,没有这个问题
    问题:
    A 电脑的公钥上传到 B 电脑后,B 电脑 ssh 访问 A 电脑,是否有问题?以此来验证 A 电脑的公钥是否正常

@dybai 我没有表述清楚:

  1. A 电脑的公钥上传到 Gitee,依然出现 Permission denied 问题;
  2. B 电脑的公钥上传到 Gitee,没有这个问题
    问题:
    A 电脑的公钥上传到 B 电脑后,B 电脑 ssh 访问 A 电脑,是否有问题?以此来验证 A 电脑的公钥是否正常

@liwen 是我没有表述清楚哈,验证过程如下:

实验前提:

  1. A 电脑是出现 Permission denied 问题的电脑;
  2. B 电脑是可以正常访问 gitee 的电脑。

实验一:

实验过程:

  1. 将 A 电脑的密钥拷贝到 B 电脑;
[A-PC]$ scp ~/.ssh/id_rsa_gitee user@192.168.3.16:~/.ssh
  1. 在 B 电脑使用第一步拷贝过来的密钥访问 gitee。
[B-PC]$ ssh -i ~/.ssh/id_rsa_gitee -T git@gitee.com
Hi dybai! You've successfully authenticated, but GITEE.COM does not provide shell access.

实验结果:

B 电脑通过 A 电脑的密钥可以正常访问 gitee。


实验二:

实验过程:

  1. 将 A 电脑的公钥添加到 B 电脑;
[A-PC]$ ssh-copy-id -i ~/.ssh/id_rsa_gitee user@192.168.3.16
  1. 在 A 电脑上访问 B 电脑;
[A-PC]$ ssh -i ~/.ssh/id_rsa_gitee user@192.168.3.16
  1. 在 A 电脑访问 gitee;
[A-PC]$ ssh -i ~/.ssh/id_rsa_gitee git@gitee.com
git@gitee.com: Permission denied (publickey).

实验结果:

  1. A 电脑可以使用公钥正常访问 B 电脑。
  2. A 电脑无法使用同样的公钥访问 gitee。

@dybai 我没有表述清楚:

  1. A 电脑的公钥上传到 Gitee,依然出现 Permission denied 问题;
  2. B 电脑的公钥上传到 Gitee,没有这个问题
    问题:
    A 电脑的公钥上传到 B 电脑后,B 电脑 ssh 访问 A 电脑,是否有问题?以此来验证 A 电脑的公钥是否正常

@liwen 补充一下ssh的详细日志。

$ ssh -i ~/.ssh/id_rsa_gitee -T git@gitee.com -v
OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS  8 Dec 2020
debug1: Reading configuration data /home/dybai/.ssh/config
debug1: /home/dybai/.ssh/config line 16: Applying options for gitee.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /home/dybai/.ssh/config
debug1: /home/dybai/.ssh/config line 16: Applying options for gitee.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to gitee.com [212.64.62.183] port 22.
debug1: Connection established.
debug1: identity file /home/dybai/.ssh/id_rsa_gitee type 0
debug1: identity file /home/dybai/.ssh/id_rsa_gitee-cert type -1
debug1: identity file /home/dybai/.ssh/id_rsa type 0
debug1: identity file /home/dybai/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version Basalt-3.0.0
debug1: no match: Basalt-3.0.0
debug1: Authenticating to gitee.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FQGC9Kn/eye1W8icdBgrQp+KkGYoFgbVr17bmjey0Wc
debug1: Host 'gitee.com' is known and matches the ECDSA host key.
debug1: Found key in /home/dybai/.ssh/known_hosts:36
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/dybai/.ssh/id_rsa RSA SHA256:kPvcNsiGnMlnY8rhMiX5TKPobL3M3bUhUGB44iYJlww explicit agent
debug1: Will attempt key: /home/dybai/.ssh/id_rsa_gitee RSA SHA256:a7J6JqaJ98vU5Bq1okvKZLQYcnJtZi7GEETzXBBzrn0 explicit agent
debug1: Will attempt key: dybai@jenkins RSA SHA256:XHOUo45e8IuW8pOqH+j33LaGp14XBYN8zaVuZDSrlgM agent
debug1: Will attempt key: ssh_proxy RSA SHA256:NAMwdwW0Itv1gNHW7sJhQSM2HCLyZYwxRWyi8DdHXKI agent
debug1: Will attempt key: xxx@10.10.10.2 RSA SHA256:2bvUoeTv6HoPLAoXk/1h7wOQ7ki/wCzz2IaIVnGFKyg agent
debug1: Will attempt key: dybai@xxx-pc RSA SHA256:BYDl5U8f6Bnh3eC9gfnjCiJqCEiyGJHSF7ktfOG8VHU agent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/dybai/.ssh/id_rsa RSA SHA256:kPvcNsiGnMlnY8rhMiX5TKPobL3M3bUhUGB44iYJlww explicit agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: /home/dybai/.ssh/id_rsa_gitee RSA SHA256:a7J6JqaJ98vU5Bq1okvKZLQYcnJtZi7GEETzXBBzrn0 explicit agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: dybai@jenkins RSA SHA256:XHOUo45e8IuW8pOqH+j33LaGp14XBYN8zaVuZDSrlgM agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: ssh_proxy RSA SHA256:NAMwdwW0Itv1gNHW7sJhQSM2HCLyZYwxRWyi8DdHXKI agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: xxx@10.10.10.2 RSA SHA256:2bvUoeTv6HoPLAoXk/1h7wOQ7ki/wCzz2IaIVnGFKyg agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: dybai@xxx-pc RSA SHA256:BYDl5U8f6Bnh3eC9gfnjCiJqCEiyGJHSF7ktfOG8VHU agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
git@gitee.com: Permission denied (publickey).

.ssh目录详细信息:

$ ls -l ~/.ssh/
-r--------. 1 dybai dybai  1704 Apr 20  2020 10.10.10.3.prv
-rw-------. 1 dybai dybai  1967 Jul 28  2020 authorized_keys
-rw-r--r--. 1 dybai dybai   418 Feb  3 11:54 config
-rw-------. 1 dybai dybai  1679 Oct 16  2018 id_rsa
-rw-------. 1 dybai dybai  2602 Mar  1 18:45 id_rsa_gitee
-rw-r--r--. 1 dybai dybai   567 Mar  1 18:45 id_rsa_gitee.pub
-rw-------. 1 dybai dybai  1675 Feb 19  2020 id_rsa_xxx_android
-rw-r--r--. 1 dybai dybai   399 Feb 19  2020 id_rsa_xxx_android.pub
-rw-------. 1 dybai dybai  1675 Jul  3  2019 id_rsa_jenkins
-rw-r--r--. 1 dybai dybai   395 Jul  3  2019 id_rsa_jenkins.pub
-rw-r--r--. 1 dybai dybai   406 Oct 16  2018 id_rsa.pub
-rw-------. 1 dybai dybai  1675 Feb 24  2020 id_rsa_ssh_proxy
-rw-r--r--. 1 dybai dybai   391 Feb 24  2020 id_rsa_ssh_proxy.pub
-rw-------. 1 dybai dybai  1679 Sep 27  2019 id_rsa_sw_github
-rw-r--r--. 1 dybai dybai   397 Sep 27  2019 id_rsa_sw_github.pub
-rw-------. 1 dybai dybai 28013 Feb 26 13:29 known_hosts
-rw-------. 1 dybai dybai 26638 Sep 23 14:34 known_hosts.old

debug1: /home/dybai/.ssh/config line 16: Applying options for gitee.com

  • 这里有啥特别的配置?
  • 两台机器的 gitee.com [212.64.62.183] 是否一致?

看你本地的 openssh 版本,建议使用 ED25519

参见:#I2RWXZ:SSH-RSA key rejected with message "no mutual signature algorithm"

看你本地的 openssh 版本,建议使用 ED25519
参见:#I2RWXZ:SSH-RSA key rejected with message "no mutual signature algorithm"

@Zoker 果然是这个原因,换为 ED25519 的密钥就好了,非常感谢!

dybai changed issue state from 待办的 to 已完成
Yang. changed issue type from 测试任务(deleted) to 任务
Yang. changed issue state from 已完成 to 已验收
Yang. removed 反馈已预处理(deleted) label

Sign in to comment

Status
Assignees
Projects
Milestones
Pull Requests
Successfully merging a pull request will close this issue.
Branches
Planed to start   -   Planed to end
-
Top level
Priority
Duration (hours)
参与者(5)
5370906 yuriluo 1578985551 8934 dybai 1578914605 13510 liwen 1621912484 340906 lowkey2046 1581471282 62561 kesin 1578916009
Ruby
1
https://gitee.com/oschina/git-osc.git
git@gitee.com:oschina/git-osc.git
oschina
git-osc
Gitee Feedback

Search