| View previous topic :: View next topic |
| Author |
Message |
grapefruithoarder2000
n00b
Joined: 19 Feb 2024
Posts: 11
|
 Posted: Sat May 11, 2024 4:19 pm Post subject: Permission denied when trying to push code to my git server |
 |
|
Hello people. So i have a server box with a git repository that i push code to (duh) through ssh.
Everything's been working a-ok for months and i never had any problems with it.
I had to pause my personal projects for a while so most of my code and projects stayed dormant but today i got back to it and wrote some code. And then i decided to push it to the server...
| Code: | git@192.168.1.30: Permission denied (publickey).
fatal: Could not read from remote repository. |
Okay...
First things i checked was:
- Is the server on? (yes)
- Can i ssh in to the normal non-git user on it? (yes)
- Reboot the server and try to push again? (did not work)
This was really strange so i checked some more things
- Does my public key match the authorized_keys file contents for the git user? (yes)
- Is the sshd_config file correct? (yes, i think so? I haven't changed it since setting ssh up)
So then i just tried to ssh to the git user:
| Code: |
ssh git@192.168.1.30
git@192.168.1.30: Permission denied (publickey).
|
I dont have a damn clue what i could have done. It could be a problem on the server's side.
Or maybe a problem on my client computer. I have no idea.
I don't know if this is the right place to ask becasue my cleint computer is gentoo, but the server is debian. But i guess ill ask anyway because making an account on debian forums didnt even work 
_________________
If you are a false don't entry
The nuclear drums will crush your brain
Because you'll be burned and died |
|
| Back to top |
|
 |
Hu
Administrator
Joined: 06 Mar 2007
Posts: 21780
|
| Posted: Sat May 11, 2024 4:46 pm Post subject: |
|
|
| grapefruithoarder2000 wrote: | - Does my public key match the authorized_keys file contents for the git user? (yes)
- Is the sshd_config file correct? (yes, i think so? I haven't changed it since setting ssh up)
So then i just tried to ssh to the git user:
| Code: |
ssh git@192.168.1.30
git@192.168.1.30: Permission denied (publickey).
|
I dont have a damn clue what i could have done. It could be a problem on the server's side.
Or maybe a problem on my client computer. I have no idea. |
Your output says the server is not accepting the public key that the client attempts to use. This must mean that the public key the client uses is not on the list of keys the server allows. It could mean you checked the wrong ~/.ssh/authorized_keys file on the server. It could mean you're not using the public key you think you are. It could mean the server found your key on the RevokedKeys list. The output of ssh -v git@192.168.1.30 would show us which key is used. Check whether that key is the one you checked against the server. |
|
| Back to top |
|
|
grapefruithoarder2000
n00b
Joined: 19 Feb 2024
Posts: 11
|
| Posted: Sat May 11, 2024 4:55 pm Post subject: |
|
|
| Hu wrote: | | grapefruithoarder2000 wrote: | - Does my public key match the authorized_keys file contents for the git user? (yes)
- Is the sshd_config file correct? (yes, i think so? I haven't changed it since setting ssh up)
So then i just tried to ssh to the git user:
| Code: |
ssh git@192.168.1.30
git@192.168.1.30: Permission denied (publickey).
|
I dont have a damn clue what i could have done. It could be a problem on the server's side.
Or maybe a problem on my client computer. I have no idea. |
Your output says the server is not accepting the public key that the client attempts to use. This must mean that the public key the client uses is not on the list of keys the server allows. It could mean you checked the wrong ~/.ssh/authorized_keys file on the server. It could mean you're not using the public key you think you are. It could mean the server found your key on the RevokedKeys list. The output of ssh -v git@192.168.1.30 would show us which key is used. Check whether that key is the one you checked against the server. |
| Code: |
OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /home/oskar/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo-security.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo.conf
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.1.30 [192.168.1.30] port 22.
debug1: Connection established.
debug1: identity file /home/oskar/.ssh/id_rsa type -1
debug1: identity file /home/oskar/.ssh/id_rsa-cert type -1
debug1: identity file /home/oskar/.ssh/id_ecdsa type -1
debug1: identity file /home/oskar/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/oskar/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/oskar/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/oskar/.ssh/id_ed25519 type 3
debug1: identity file /home/oskar/.ssh/id_ed25519-cert type -1
debug1: identity file /home/oskar/.ssh/id_ed25519_sk type -1
debug1: identity file /home/oskar/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/oskar/.ssh/id_xmss type -1
debug1: identity file /home/oskar/.ssh/id_xmss-cert type -1
debug1: identity file /home/oskar/.ssh/id_dsa type -1
debug1: identity file /home/oskar/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.30:22 as 'git'
debug1: load_hostkeys: fopen /home/oskar/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:43Q7I+AEapKwJeL482T9Vks1IFxSUIt1wT5h0qiRzgc
debug1: load_hostkeys: fopen /home/oskar/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.1.30' is known and matches the ED25519 host key.
debug1: Found key in /home/oskar/.ssh/known_hosts:5
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Will attempt key: /home/oskar/.ssh/id_rsa
debug1: Will attempt key: /home/oskar/.ssh/id_ecdsa
debug1: Will attempt key: /home/oskar/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/oskar/.ssh/id_ed25519 ED25519 SHA256:0Xtk6ZcKUV3gwVG8VdBhstFPqD9jJxoqyAyBZdaq2O4
debug1: Will attempt key: /home/oskar/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/oskar/.ssh/id_xmss
debug1: Will attempt key: /home/oskar/.ssh/id_dsa
debug1: Trying private key: /home/oskar/.ssh/id_rsa
debug1: Trying private key: /home/oskar/.ssh/id_ecdsa
debug1: Trying private key: /home/oskar/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/oskar/.ssh/id_ed25519 ED25519 SHA256:0Xtk6ZcKUV3gwVG8VdBhstFPqD9jJxoqyAyBZdaq2O4
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/oskar/.ssh/id_ed25519_sk
debug1: Trying private key: /home/oskar/.ssh/id_xmss
debug1: Trying private key: /home/oskar/.ssh/id_dsa
debug1: No more authentication methods to try.
git@192.168.1.30: Permission denied (publickey).
|
Im not very good with this verbose output but if you wanna take a look here it is ^^
_________________
If you are a false don't entry
The nuclear drums will crush your brain
Because you'll be burned and died |
|
| Back to top |
|
|
Banana
Veteran
Joined: 21 May 2004
Posts: 1416
Location: Germany
|
| Posted: Sat May 11, 2024 6:48 pm Post subject: |
|
|
Do you run any software to manage your git repository? Like bitbucket, gitlab or github?
Make sure the directory permission for the server side are correct[/quote]
| Code: | sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R User ~/.ssh/
sudo chgrp -R User ~/.ssh/ |
_________________
My personal space
My delta-labs.org snippets do expire
PFL - Portage file list - find which package a file or command belongs to. |
|
| Back to top |
|
|
grapefruithoarder2000
n00b
Joined: 19 Feb 2024
Posts: 11
|
| Posted: Sat May 11, 2024 7:02 pm Post subject: |
|
|
| Banana wrote: | Do you run any software to manage your git repository? Like bitbucket, gitlab or github?
Make sure the directory permission for the server side are correct |
| Code: | sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R User ~/.ssh/
sudo chgrp -R User ~/.ssh/ |
[/quote]
1. Im not sure if cgit counts but i use that for a simple visualization
2. Im pretty sure my permissions and ownership were already correct but i tried the commands in case i might have missed anything but it did no difference.
_________________
If you are a false don't entry
The nuclear drums will crush your brain
Because you'll be burned and died |
|
| Back to top |
|
|
Banana
Veteran
Joined: 21 May 2004
Posts: 1416
Location: Germany
|
|
| Back to top |
|
|
grapefruithoarder2000
n00b
Joined: 19 Feb 2024
Posts: 11
|
| Posted: Sun May 12, 2024 9:36 am Post subject: |
|
|
| Banana wrote: | | Strange. Since it does workt with the non git user, compare the rights and files. Maybe there is something off. |
I have no idea what to do anymore. I have tried so many things.
I triple checked all permisisons
I checked the config files
I checked if i was using the correct public key
I even made a new keypair and it's still not working. My normal user works though...
At this point im wondering if im the stupid one here who cant see the obvious problem or if this is something completely out of my power. This sucks... 
_________________
If you are a false don't entry
The nuclear drums will crush your brain
Because you'll be burned and died |
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3175
|
| Posted: Sun May 12, 2024 10:48 am Post subject: |
|
|
Try to log in with ssh using git's private key.
If it fails, adding -v to the command line should give you some information on what the issue might be. Or -vv for more info, or even -vvv if you want it to talk your ears off.
_________________
Make Computing Fun Again |
|
| Back to top |
|
|
grapefruithoarder2000
n00b
Joined: 19 Feb 2024
Posts: 11
|
| Posted: Sun May 12, 2024 11:01 am Post subject: |
|
|
Hey people. I've finally figured out what the problem was.
I checked the sshd_config file again and what was causing this was a line in the config file:
I'll be honest, i dont really remember ever putting this in the file but i must have done that at some point i guess... Because as soon as i changed it to:
| Code: | | AllowGroups oskar git |
Everything just worked...
I will admit that its a pretty stupid thing i put myself through but i don't even remember adding that to the config, or when i added it. 
Though i will say that the verbose output didnt really help. Nor did the "Permission denied (publickey)" errors help. But i can't really blame anyone but myself so yeah thanks to everyone who came here to help.
_________________
If you are a false don't entry
The nuclear drums will crush your brain
Because you'll be burned and died |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 21780
|
| Posted: Sun May 12, 2024 2:55 pm Post subject: |
|
|
Did the sshd log mention this as the reason?
In the future, when you modify a configuration file like this, consider either leaving a comment justifying it, or using a version control system to track the file and putting an explanation in the commit message. As you say, this must be a line you added, and if you had written a comment then, you might know now why you did it. |
|
| Back to top |
|
|
|
Networking & Security
