3

I am using gitosis for repository management. I have two other keys that work perfectly. I've recently added a third key.

All keys work when I SSH into the machine (I get the error mentioned here as normal, and the server's auth.log says "Found matching RSA key..."). However, when I run the command:

git clone -b <branch> ssh://gitosis@<server>/<project>

with the new third key the server's auth.log shows "Failed publickey for gitosis...". The same "git clone" command works for the other keys.

The permissions on the .ssh files are set correctly since I am able to SSH into the machine.

Both machines are Ubuntu.

What would cause the "git clone" to be rejected, while the SSH is accepted?

jason
  • 1,247
  • 1
  • 9
  • 25
  • 1
    I removed gitosis and installed gitolite, however, the same problem persists. In fact, the exact same stuff works and the exact same stuff does not work. I am now just using a different git management tool and different client key (I re-created the key to make sure both client and server had the same one). So the problem appears to be either with the SSH server or the git client. I'm leaning towards a problem with the git client since other machines can perform the clone successfully. Would differing versions be a problem? client is git v1.7.0.4 and server is git v1.7.4.1. – jason Oct 04 '11 at 15:15
  • same issue here with bitbucket - git authentication stopped working. used to work fine. – Stefano Apr 11 '13 at 15:35

1 Answers1

0

That should mean that you have a ssh config file (~/.ssh/config), with:

  • a section Host <server>
  • a different IdentityFile (ie a public key full path) than the one the gitosis user should have
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • there are no `~/.ssh/config files` on either machine and the only difference in the `/etc/ssh/ssh_config` is on the __GSSAPIAuthentication__ line. The gitosis machine has "no" and the client machine has "yes". Changing the gitosis machine to "yes" did not fix the problem. – jason Sep 29 '11 at 18:23
  • @jma: are you sure that `gitosis/.ssh/id_rsa.pub` has been published as a gitolite forced command line in the `server/.ssh/authorized_keys` file? – VonC Sep 29 '11 at 18:47
  • Yes. I can see the third (non-working) key in the gitosis account's `~/.ssh/authorized_keys` file. Plus, I am able to SSH to the machine and have the key be recognized. – jason Sep 29 '11 at 19:17
  • @jma the connection alone isn't enough: it needs to be registered as a forced command. But if your third key appears in a line similar to the other twos, this isn't the issue. – VonC Sep 29 '11 at 19:24
  • @jma so... how about using gitolite? ;) http://stackoverflow.com/questions/7591958/how-to-change-gitosis-default-search-path/7592421#7592421 – VonC Sep 29 '11 at 19:24
  • I'm not sure what you mean by "forced command", but if that is not the issue I guess it does not matter. – jason Sep 29 '11 at 19:52
  • using gitolite is something I almost did. However, being new to git and already having working repositories made me pause. Then, since the issue doesn't seem to be gitosis, but the SSH server (that's where the error comes from) or the git client, I figured I had better nail down what the problem was before spending time just to have the issue occur under gitolite as well. – jason Sep 29 '11 at 19:53
  • @jma: on the "forced command" front, see http://stackoverflow.com/questions/5803404/git-authentication-pull-as-a-new-user/5804015#5804015 and http://oreilly.com/catalog/sshtdg/chapter/ch08.html#22858 – VonC Sep 29 '11 at 20:41