gitolite setup getting FATAL: fingerprinting failed for '/tmp/Q3pnE4WVbu'

Question

I am installing gitolite on a CentOS 5.9 server. I have created the git user, then after su - git I have managed to get my public key into the ~/.ssh/ directory, I have successfully cloned the gitolite repo from github and have run gitolite/install -ln. Next step is to run gitolite setup.

git@hostname [~]# gitolite setup -pk $HOME/.ssh/micha.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
FATAL: fingerprinting failed for '/tmp/Q3pnE4WVbu'

Google search and a search here on SO have not helped me resolve this FATAL error, and I am now stymied.

Am I supposed to have customised the gitolite.conf file previous to running the setup? I have been following the instructions from http://gitolite.com/gitolite/progit.html as they are a little easier for noob like me to understand than the normal gitolite documentation. However these instructions make no mention of customising the .conf file.

---

UPDATE: I have tried generating a new key and it still fails:

git@hostname [~]# ssh-keygen -t rsa -C "Gitolite Admin Access (not interactive)" -P "" 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa): /home/git/.ssh/micha
/home/git/.ssh/micha already exists.
Overwrite (y/n)? y
Your identification has been saved in /home/git/.ssh/micha.
Your public key has been saved in /home/git/.ssh/micha.pub.
The key fingerprint is:
33:b6:62:8b:b9:58:07:7a:71:6a:02:a5:ff:7e:c3:3a Gitolite Admin Access (not interactive)
git@hostname [~]# gitolite setup -pk $HOME/.ssh/micha.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
FATAL: fingerprinting failed for '/tmp/pUKqewb66w'

I have also tried replacing $HOME with the full path, just in case the su - git had confused it. Is there some problem with my ssh install? Not sure how there would be as I am using ssh to connect to this server.

---

UPDATE: It turns out gitolite was retaining the public keys I had tried to set up with previously that had failed. I then removed the all the repos, the gitolite source directory, the symlink in ~/bin and the .gitolite directory and started the install process again. I cloned the gitolite repo from github, generated a new key after deleting all the other keys that I had tried to use before. I then ran gitolite install -ln and finally

git@hostname [~]# gitolite setup -pk $HOME/admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
FATAL: fingerprinting failed for '/tmp/tsIx4cKWHj'

Still failing.

Answer 1

if you are taking the pub key from puttykeygen etc.. it will be in multi line with headers like

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "test@example.com"
startofkeylines
....
endofkey==
---- END SSH2 PUBLIC KEY ----

Remove the --- begin and end lines, and the Comment: line. Make all the key lines in one line. and prefix with ssh-rsa, like this:

ssh-rsa startofkeylines....endofkey==

This is what worked for me.

Answer 2

gitolite is fingerprinting all keys in the .ssh directory - including the authorized_keys file. Remove any unneeded or corrupt keys from the .ssh directory and the authorized_keys file.

Answer 3

I ran into the same problem. Turned out that during copy-paste I included a newline into one of my keys. Took me some time to spot it...

Answer 4

You wrote, "It turns out gitolite was retaining the public keys I had tried to set up with previously that had failed."

I had the same problem. I was getting the error:

FATAL: fingerprinting failed for 'keydir/jsmith.pub'

I deleted the failing key on the client side, and did a git push, but still the same issue. Thus I had to logon to the gitolite server and run the following:

rm ~/.gitolite/keydir/jsmith.pub
gitolite setup

This fixed the problem. This works because per the gitolite documentation, "The pubkey files from this push are checked-out into ~/.gitolite/keydir". Well if there is some FATAL error that happens, then the pub keys won't be put in their proper place. So it's possible you could have even formatted your ssh keys properly, and it still won't get written.

Answer 5

As I mentioned before, that means the ssh key hasn't been properly generated.

Try:

ssh-keygen -t rsa -f "${H}/.ssh/micha" -C "Gitolite Admin access (not interactive)" -q -P ""

---

The OP mwotton reports clearing the ~/.ssh from any prior ssh keys was the solution.
This is because the ssh-authkeys.fp_file() function is called with a find:

chomp( my @pubkeys = `find keydir/ -type f -name "*.pub" | sort` );

So it can grab previous (possibly corrupted) keys that already were in ~/.ssh.

Answer 6

I have tried all the key regeneration, gitolite reinstalation, clearing all key files, etc, all without success, untill I started looking at Git history for gitolite.

The problem was that master branch on the github & google.code repos was broken. I checked out last stable version v3.6.4 at the finger print problem dissapeared. I think I can spot one recent commit that nreaks this.

Answer 7

The issue I encountered was that openssh, in or around version v6.8 changed the default cipher for a fingerprint (ssh-keygen -lf path-to-key) so one must now explicitly pass the cipher type (-E md5) to get the legacy behavior. Reviewing the CHANGES file reveals that v3.6.5 of gitolite will 'handle new style ssh fingerprinting correctly (thanks to Robin Johnson)'. An upgrade of gitolite resolved the issue for me.

Answer 8

For me, I got it working by not running the gitolite command as the root user. I created a git user account (and found out that it needs to be an account that can be logged into ... that is, no /bin/false in /etc/passwd).

Answer 9

I upgraded gitolite from v2 to v3, runs install and setup the admin key

then force push the config repository, all issues are now fixed.