Mik*_*H-R 6 ssh dbus archlinux gitlab
对不起,如果只是为了澄清我的一切,这将是一个非常详细的帖子.一切似乎都正确配置并运行:
bundle exec rake gitlab:check RAILS_ENV=production
除了绿灯之外别无他物.添加一个ssh密钥似乎工作正常,我们可以推送https://
当我们尝试与客户端连接时,我们得到:
$ git push -u origin master
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
进一步探索这个产量:
$ GIT_TRACE=1 git push -u origin master
trace: built-in: git 'push' '-u' 'origin' 'master'
trace: run_command: 'ssh' '-p' '2222' 'gitlab@myserver.net' 'git-receive-pack '\''/root/test1.git'\'''
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
除了退出代码为1之外,使用调试信息运行此操作并不会产生任何兴趣.
在我们尝试连接时查看服务器上的日志我们得到了这个(它在arch linux上运行):
$ journalctl -f
Jan 21 21:42:59 michaelarch sshd[2633]: Accepted publickey for gitlab from 192.168.1.1 port 58207 ssh2: ECDSA XX:e3:XX:aa:XX:0a:XX:37:XX:ad:XX:4f:XX:ab:ab:XX
Jan 21 21:42:59 michaelarch sshd[2633]: pam_unix(sshd:session): session opened for user gitlab by (uid=0)
Jan 21 21:42:59 michaelarch systemd[1]: Starting user-1001.slice.
Jan 21 21:42:59 michaelarch systemd[1]: Created slice user-1001.slice.
Jan 21 21:42:59 michaelarch systemd[1]: Starting User Manager for 1001...
Jan 21 21:42:59 michaelarch systemd[1]: Starting Session 20 of user gitlab.
Jan 21 21:42:59 michaelarch systemd-logind[461]: New session 20 of user gitlab.
Jan 21 21:42:59 michaelarch systemd[1]: Started Session 20 of user gitlab.
Jan 21 21:42:59 michaelarch systemd[2635]: pam_unix(systemd-user:session): session opened for user gitlab by (uid=0)
Jan 21 21:42:59 michaelarch systemd[2635]: Failed to open private bus connection: Failed to connect to socket /run/user/1001/dbus/user_bus_socket: No such file or directory
Jan 21 21:42:59 michaelarch systemd[2635]: Mounted /sys/kernel/config.
Jan 21 21:42:59 michaelarch systemd[2635]: Mounted /sys/fs/fuse/connections.
Jan 21 21:42:59 michaelarch systemd[2635]: Stopped target Sound Card.
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Reached target Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Startup finished in 23ms.
Jan 21 21:42:59 michaelarch systemd[1]: Started User Manager for 1001.
Jan 21 21:42:59 michaelarch sshd[2636]: Received disconnect from 192.168.1.1: 11: disconnected by user
Jan 21 21:42:59 michaelarch sshd[2633]: pam_unix(sshd:session): session closed for user gitlab
Jan 21 21:42:59 michaelarch systemd-logind[461]: Removed session 20.
Jan 21 21:42:59 michaelarch systemd[1]: Stopping User Manager for 1001...
Jan 21 21:42:59 michaelarch systemd[2635]: Stopping Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Stopped target Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Shutdown.
Jan 21 21:42:59 michaelarch systemd[2635]: Reached target Shutdown.
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Exit the Session...
Jan 21 21:42:59 michaelarch systemd[1]: Stopped User Manager for 1001.
Jan 21 21:42:59 michaelarch systemd[1]: Stopping user-1001.slice.
Jan 21 21:42:59 michaelarch systemd[1]: Removed slice user-1001.slice.
现在我的假设是失败的dbus排队:
Jan 21 21:42:59 michaelarch systemd[2635]: Failed to open private bus connection: Failed to connect to socket /run/user/1001/dbus/user_bus_socket: No such file or directory
可能导致问题,但我无法弄清楚,我已经达到了我的知识极限.
当然有很多配置文件,但我想我已经调查了所有这些,任何想法或测试都非常受欢迎.
身份验证似乎成功运行:
ssh -vvT gitlab@myserver.net
得到:
......
debug1: Server accepts key: pkalg ecdsa-sha2-nistp521 blen 172
debug2: input_userauth_pk_ok: fp XX:e3:XX:aa:af:0a:ca:37:08:ad:XX:4f:XX:ab:ab:XX
debug1: read PEM private key done: type ECDSA
debug1: Authentication succeeded (publickey).
Authenticated to myserver.net ([11.123.5.462]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3780, received 2908 bytes, in 0.0 seconds
Bytes per second: sent 76566.5, received 58903.5
debug1: Exit status 1
编辑:添加更多详细信息以回应评论.
小智 1
我目前遇到完全相同的问题。经过一些实验,我发现以下内容: gitlab 用户应该无法登录,因此 /etc/passwd 中的 shell 设置为 /bin/false。对于 SSH 访问,~gitlab/.ssh/authorized_keys 中定义了一个强制命令,该命令使用密钥作为参数执行 gitlab-shell,以使连接用户可以访问基本的 git 操作。
现在我发现,当/etc/passwd中的用户shell设置为/bin/false时,强制命令机制根本不起作用,并且ssh连接挂起。解决方法是只为用户提供默认的登录 shell,以便强制执行命令。
但是,说实话,我不知道这是否应该如何工作,特别是强制命令是否应该仅在用户具有功能性登录 shell 时才起作用(即默认值比强制命令。我希望将 shell 设置为 /bin/false,这样当authorized_keys 文件中的配置正确时,用户得到的是 gitlab-shell,如果不正确,用户什么也得不到。现在,配置错误将赋予用户比我预期更多的权限。)
| 归档时间: |
|
| 查看次数: |
3094 次 |
| 最近记录: |