GitLab SSH密钥停止工作

Question

好吧,我多次偶然发现这个话题,但这是第一次没有常规解决方案有效.

我有运行GitLab的CentOS 6.4服务器.它已经有超过20个用户和60多个项目,但大约5个小时前,我的主要登台服务器第一次无法使用密钥身份验证连接到GitLab计算机,并提示输入密码.我重新生成了RSA密钥并将其添加到我的部署密钥中,但也失败了.

接下来,我尝试在登台服务器上创建一个新用户,为它创建一个密钥,然后将其添加到GitLab,但它仍然失败.

权限:

drwxr-x---  22 root root 4.0K Oct 28 13:20 root

内根:

drwx------   2 root root     4096 Oct 28 11:49 .ssh

里面.ssh:

-rw-------  1 root root  227 Oct 28 11:48 authorized_keys
-rw-------  1 root root 1675 Oct 28 13:09 id_rsa
-rw-------  1 root root  398 Oct 28 13:09 id_rsa.pub
-rw-r--r--  1 root root  413 Oct 28 11:49 known_hosts

当我尝试连接到git机器时:

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to git.mygitlab.com [212.29.122.24] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'git.mygitlab.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-    mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-    mic,password
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
git@git.mygitlab.com's password:

当我通过Web界面添加SSH密钥时,它们不会被添加到.ssh/authorized_keys.

我真的不知道下一步该尝试什么:(

Answer 1

如果您添加到GitLab的密钥没有进入.ssh/authorized_keys:

1. 确保sidekiq正在运行.密钥被添加到Sidekiq工作者的gitlab-shell中,因此如果Sidekiq关闭或积压,他们将不会进入.您可以在输出中检查这一点,ps -fu git并通过检查管理页面上的"后台作业"选项卡.
2. 确保GitLab可以正确执行gitlab-shell.Sidekiq工作人员通过执行gitlab-shell进程来添加密钥.尤其是,如果这是不行的ssh_user设置不正确的gitlab.yml,或者如果gitlab壳安装到比其他位置~/gitlab-shell的用户.
3. 验证服务器的/ home分区未满.如果authorized_keys存储文件的磁盘已填满,则密钥追加失败!这个让我好几次.用df -h /home来看你是否还有空间.

检查日志以获取来自gitlab-shell的错误消息:根据问题,错误消息可能出现在unicorn或sidekiq的日志中.