3

When making:

sudo git clone git@gitlab.mydomain.com:ws.git

I get an error:

> sudo git clone git@gitlab.mydomain.com:root/ws.git
Password:
Cloning into 'ws'…
The authenticity of host 'gitlab.mydomain.com (x.x.x.x)' can't be established.
RSA key fingerprint is xx:xx:xx…xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.mydomain.com,x.x.x.x' (RSA) to the list of known hosts.
git@gitlab.mydomain.com's password: 
Permission denied, please try again.
git@gitlab.mydomain.com's password: 
fatal: 'root/ws.git' does not appear to be a git repository
fatal: The remote end hung up unexpectedly

even if I change the url:

> sudo git clone git@gitlab.mydomain.com:ws.git
Password:
Cloning into 'ws'…
git@gitlab.mydomain.com's password: 
fatal: 'ws.git' does not appear to be a git repository
fatal: The remote end hung up unexpectedly

What is the problem?

Is it a problem with public cloning? Can I only clone adding a personal ssh key?

Update:

added a personal ssh-key:

now:

ssh -Tvvv root@gitlab.mydomain.com
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Applying options for gitlab.mydomain.com
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.mydomain.com[x.x.x.x] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /Users/user/.ssh/root_gitlab.mydomain.com.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/user/.ssh/root_gitlab.mydomain.com.de type 1
debug1: identity file /Users/user/.ssh/root_gitlab.mydomain.com-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 499/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host gitlab.mydomain.com filename /Users/user/.ssh/known_hosts
debug3: check_host_in_hostfile: host gitlab.mydomain.com filename /Users/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 43
debug3: check_host_in_hostfile: host x.x.x.x filename /Users/user/.ssh/known_hosts
debug3: check_host_in_hostfile: host x.x.x.x filename /Users/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 38
debug1: Host 'gitlab.mydomain.com' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:43
debug2: bits set: 511/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/user/.ssh/id_rsa (0x105725350)
debug2: key: /Users/user/.ssh/root_gitlab.mydomain.com (0x105724510)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /Users/user/.ssh/root_gitlab.mydomain.com
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@gitlab.mydomain.com's password:

What is the problem?

Update2:

this [ SSH Key asks for password ] doesn't work

Update3:

> sudo git clone --verbose git@gitlab.mydomain.com:ws.git
Cloning into 'ws'...
fatal: The remote end hung up unexpectedly
Community
  • 1
  • 1
static
  • 8,126
  • 15
  • 63
  • 89
  • It shouldn't ask you for a password. Does `ssh -Tvvv git@gitlab.mydomain.com` works? – VonC Jul 31 '13 at 06:03
  • This won't solve your problem with the command line, but I've found using TortoiseGit fixes errors returned by the command line. Even though, I'm choosing options in the same order as the commands. – ZeroPhase Jul 31 '13 at 06:04
  • how have you generated your SSH key pairs? Looks like it's reading a corrupted private key on client side, maybe you created one manually with copy/paste from an existing key and it broke the format? – Sébastien Dawans Jul 31 '13 at 06:48
  • @static why do you do a `ssh root@gitlab.mydomain.com`? Shouldn't it be with the account `git` instead of `root`? : `ssh git@gitlab.mydomain.com` – VonC Jul 31 '13 at 06:53
  • @static do you have a ``/Users/user/.ssh/config` file? And if yes, what is its content? – VonC Jul 31 '13 at 06:54
  • @VonC the gitlab user I add the key name "root" – static Jul 31 '13 at 06:59
  • @VonC yes, I have the file, I added there: Host gitlab.mydomain.com User root Hostname gitlab.mydomain.com IdentityFile ~/.ssh/root_gitlab.mydomain.com – static Jul 31 '13 at 07:06
  • @VonC changed to "git" user - didn't help – static Jul 31 '13 at 07:07
  • @static you mean you didn't create an account `git` to install gitlab? You did the all setup as `root`? – VonC Jul 31 '13 at 07:21
  • I created, but as I logged into gitlab I was an Administrator with the username "root" – static Jul 31 '13 at 07:29
  • @static I am referring to the unix account you used to install gitlab (I hope '`git`'): this has *nothing* to do with any gitlab account (named root or otherwise). Any ssh session should be done with the right unix account. – VonC Jul 31 '13 at 07:48
  • I see, but still (although I use "git" user) it doesn't work. – static Jul 31 '13 at 07:52
  • @static I understand it doesn't work, but it would still be useful to see the result of `ssh -Tvvv git@gitlab.mydomain.com` – VonC Jul 31 '13 at 08:57
  • wow...it asked me for a password for an ssh-key git@gitlab.mydomain.com. I enetered the passphrase and it didn't work: "Welcome to GitLab, Anonymous!" and then closed. – static Jul 31 '13 at 13:21
  • on the remote (git) host in the /var/log/auth.log: Jul 31 15:20:01 githost sshd[20943]: Accepted publickey for git from x.x.x.x port xxxxx ssh2 Jul 31 15:20:01 githost sshd[20943]: pam_unix(sshd:session): session opened for user git by (uid=0) Jul 31 15:20:01 githost sshd[20948]: Received disconnect from x.x.x.x: 11: disconnected by user – static Jul 31 '13 at 13:24
  • on the local host: sudo git clone git@gitlab.mydomain.com:ws.git Password: Cloning into 'ws'… fatal: The remote end hung up unexpectedly – static Jul 31 '13 at 13:27
  • actually I found these lines for ssh -Tvvv git@gitlab.mydomain.com: ... debug1: Authentication succeeded (publickey). Authenticated to gitlab.mydomain.com ([x.x.x.x]:22). ... – static Jul 31 '13 at 13:28
  • and in the /var/log/apache2/gitlab/access.log: x.x.x.x - - [31/Jul/2013:17:29:30] "GET //api/v3/internal/allowed?key_id=x&action=git-upload-pack&ref=_any&project=ws HTTP/1.1" 302 664 "-" "Ruby" – static Jul 31 '13 at 13:34

2 Answers2

1

Found a solution from here gitlabhq issue on github:

look in your puma or unicorn server config:

sudo nano /home/git/gitlab/config/puma.rb

read there a url which is binded (interesting is the port - in my case it was 9292// I changed binding variant from unix pipe to http://0.0.0.0:9292 some time ago)

change the config.yml in gitlab-shell appropriate:

sudo nano /home/git/gitlab-shell/config.yml

restart the gitlab service:

sudo service gitlab restart

(I don't know, but I restarted apache as well: sudo service apache2 restart)

done:

Now, just copy the url from the project page and do:

git clone your-gitlab-url

static
  • 8,126
  • 15
  • 63
  • 89
  • 1
    Sounds better, then :) Anyway, it is interesting to not mix up the unix user account used for ssh, and a gitlab account for git repo administration through the web interface. – VonC Jul 31 '13 at 15:26
  • yep, this advice is of course good. do you know any best practices for such a cases, maybe for all other platforms? – static Jul 31 '13 at 18:55
  • I mean for ANY other platform? :) – static Jul 31 '13 at 19:08
  • Mainly keep the account used for installing gitlab distinct from the administrative account (like root) – VonC Jul 31 '13 at 19:09
0

I had exactly this problem, and only managed to find the answer by trial and error.

> sudo git clone --verbose git@gitlab.mydomain.com:ws.git
Cloning into 'ws'...
fatal: The remote end hung up unexpectedly

It turned out that gitlab doesn't like 2048 bit SSH keys. I changed the SSH key to 4096 bit and it worked fine. I don't know if this is a consequence of sshd configuration or what, but it's what worked for me.

pol
  • 1
  • 3