Authorizing to my git server with `.ssh/authorized_keys` does not work

Question

I setup a git server 2.30.2 on my NAS with debian bullseye.

User is git with home directory /media/nas/programming/git_repos/ and shell /bin/bash.

home directory and all of its subdirectories/files are owned by git:git.

home directory has 770 permissions and directory .ssh inside home directory has 700 permissions.

I create a private/public key with command ssh-keygen -t ed25519 -C mymail@gmail.com (or on second try ssh-keygen -t rsa -C mymail@gmail.com).

Public key becomes /media/nas/programming/git_repos/.ssh/authorized_keys (git:git ownership, 400 permissions) and private key becomes c:/Users/<username>/.ssh/id_ed25519 (or on second try c:/Users/<username>/.ssh/id_rsa) on Windows PC.

On /etc/ssh/sshd_config I have a line AllowUsers root git ...

Now, with Git GUI, I am trying to connect to remote (lets say fetch) with url url = git@10.0.0.2:my_project.

Initially it asks for password to decrypt id_ed25519 (or on second try id_rsa).

Then it asks for password for git@10.0.0.2 which means Git server does not count at all the .ssh/authorized_keys.

What I am doing wrong here?

update ssh -Tv git@10.0.0.2 does not say so much:

 ....
 debug1: Authentications that can continue: publickey,password
 debug1: Next authentication method: publickey
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_rsa
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_dsa
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_ecdsa
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_ed25519
 debug1: read_passphrase: can't open /dev/tty: No such file or directory
 Enter passphrase for key 'C:\Users\chameleon/.ssh/id_ed25519':     <---- Here I give the password
 debug1: Authentications that can continue: publickey,password
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_xmss
 debug1: Next authentication method: password
 debug1: read_passphrase: can't open /dev/tty: No such file or directory
 git@10.0.0.2's password:    <---- Here I give the password. After that, connection established.

hmm.... I think again: is StackOverflow appropriate for this question? — Chameleon, Dec 07 '22 at 22:08
unix.stackexchange.com or superuser.com is probably more appropriate. — chepner, Dec 08 '22 at 02:04
@chepner thanks. People already anwser. Is it proper to delete this post? — Chameleon, Dec 10 '22 at 21:48

score 2 · Answer 1 · answered Dec 07 '22 at 22:34

Make sure you have the right permission on the remote side (NAS ~git): if anything if writable by "others", SSH will not consider the authorized_keys file.

Then test your connection with ssh -Tv git@10.0.0.2 and confirm your c:/Users/<username>/.ssh/id_ed25519 is considered and proposed.
If it is, consider launching an sshd in debug mode on your NAS to see if any error message pops up during your ssh -Tv test command.

score 1 · Accepted Answer · answered Dec 17 '22 at 13:10

Answer to my question:

Fast: Change permissions of git home folder from 770 to 750.

Bloated:

As @VonC says above, I start a new sshd instance in port 12345 with debug 3 mode:

sshd -p 12345 -ddd

Then I replace my remote repository link inside MyProjectFolder/.git/config, from:

[remote "MyNAS"]
        url = ssh://git@10.0.0.2:my_project

to

[remote "MyNAS"]
        url = ssh://git@10.0.0.2:12345/~/my_project

and I try a fetch.

sshd instance respond that git home folder does not have properly ownership and/or permissions.

I change git home folder from 770 to 750 and now it works.

PS: group writing set, because I user belong to git group and I was feeling that write access to git repo is a handy permission. Never mind. It is not so useful.

Well done. Upvoted. Permissions are important indeed. – VonC Dec 17 '22 at 13:13 — VonC, Dec 17 '22 at 13:13

Authorizing to my git server with `.ssh/authorized_keys` does not work

2 Answers2