2

New installed Windows 11,created key pair with ssh-keygen -t rsa -C "my@email.com" command and uploaded the content in id_rsa.pub file to the git server, then run git clone git@server:user/repo in windows terminal powershell , then I got the note of Permission denied.

  • I have confirmed the public key I uploaded is correct, and the private key file can be correctly access from git bash, cygwin terminal and windows terminal powershell.

  • I tried to delete the key pair and regenerate one then upload, which is helpless.

  • I tried to change a git server including coding.net, gitee.com and github.com, and the reports are the same.(with Permission denied)

  • I confirm that the remote git repo is existent.

  • I confirm that I can correctly access the git repo via https and username-password authentication.

  • I tried clone the repo on my mac or linux, and they are ok.

After I searched some posts on this site, I tried ssh -v git@gitee.com, then got the report below:

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to gitee.com [212.64.62.183] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\ye/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\ye/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\ye/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\ye/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\ye/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\ye/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\ye/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\ye/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\ye/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\ye/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version ssh-pilot-1.1.1
debug1: no match: ssh-pilot-1.1.1
debug1: Authenticating to gitee.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:+ULzij2u99B9eWYFTw1Q4ErYG/aepHLbu96PAUCoV88
debug1: Host 'gitee.com' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\ye/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\ye/.ssh/id_rsa RSA SHA256:vjf1QWcO+923/akAbAnZybgl+L9eJBDDTDtKyqvXdkA
debug1: Will attempt key: C:\\Users\\ye/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\ye/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\ye/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\ye/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\ye/.ssh/id_rsa RSA SHA256:vjf1QWcO+923/akAbAnZybgl+L9eJBDDTDtKyqvXdkA
debug1: Server accepts key: C:\\Users\\ye/.ssh/id_rsa RSA SHA256:vjf1QWcO+923/akAbAnZybgl+L9eJBDDTDtKyqvXdkA
debug1: Authentication succeeded (publickey).
Authenticated to gitee.com ([212.64.62.183]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi Lagom! You've successfully authenticated, but GITEE.COM does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Connection to gitee.com closed.
Transferred: sent 3084, received 1512 bytes, in 0.2 seconds
Bytes per second: sent 15886.8, received 7788.8
debug1: Exit status 0

It seems I have right to access the git server, but here is what I received after I rerun the git clone command.

PS D:\Workspace> git clone git@gitee.com:username/demo-repo.git
Cloning into 'demo'...
git@gitee.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

What can I do to make it correct?

vorbote
  • 33
  • 5
  • Does this answer your question? [ssh "permissions are too open" error](https://stackoverflow.com/questions/9270734/ssh-permissions-are-too-open-error) – jo3rn Nov 06 '21 at 16:13
  • I found that problem and made it right, the post now has already been updated. But I still got `git@gitee.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.` – vorbote Nov 06 '21 at 16:15
  • 1
    Gitee now demand non-RSA keys; it seems odd that your ssh test with an RSA key worked. (There is the fact that Windows and Git-for-Windows have competing ssh implementations inside them, too, which sometimes causes issues here, but I don't think it should cause this particular one.) – torek Nov 07 '21 at 03:22
  • @torek That's doesn't make sense, not only gitee but github, gitlab, coding and all of git servers reported `Permission denied`, are all servers dont support rsa key anymore? – vorbote Nov 07 '21 at 06:17
  • 1
    There's an update to OpenSSH that rejects short RSA keys by default. As everyone updates to the latest, they stop working. It's not quite all at once, but it's fairly rapid. (That doesn't mean that this *is* the problem, but it's a possibility.) – torek Nov 07 '21 at 07:33

1 Answers1

0

Hi username! You've successfully authenticated, but GITEE.COM does not provide shell access.

Your keydoes work for basic authentication, but you are still unable to clone username/demo-repo.git (assuming that "username" is the same one as in the Hi username! message)

As I mentioned before, you might need to create a ed25519 key instead:

cd %USERPROFILE%\.ssh
ssh-keygen -t ed25519 -C  "xxxxx@xxxxx.com"  -P "" -f gitee

And a %USERPROFILE%\.ssh\config with

Host gitee
  Hostname gitee.com
  User git
  Identityfile ~/.ssh/gitee

Finally: git clone gitee:username/demo-repo.git (no git@gitee.com, just gitee)

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Thanks to your help, the problem was solved, but what made me confused is why this issue happens? Could you please explain why? – vorbote Nov 07 '21 at 02:28
  • @vorbote It could be possible gitee no longer authorize rsa keys for cloning. Only ed25519. Hence their official documentation; https://gitee.com/help/articles/4181 – VonC Nov 07 '21 at 02:31
  • I dont think this should be happen, is seems not possible that rsa key pair cannot be used on coding.net, gitee or github. I tried these 3 git sites last night, they are all reported ok to my mac/linux and permission denied for my windows. – vorbote Nov 07 '21 at 06:12
  • @vorbote Then you might need to ask gitee support. I was assuming this was a mainlang Chinea restriction. – VonC Nov 07 '21 at 12:51