I have installed a GitLab server (15.1) and am trying to finalize the configuration for my user.
I am able to connect with ssh to the server for administration purposes with my user. I use an RSA key pair for that. I connect on port 22002 and everything works well.
Now I wanted to follow the GitLab instructions to create a project and a new key pair, and connect my repository to GitLab using this key pair.
I have created keys (ed25519), copied the public part into the GitLab web server and just tried the command ssh -T [email protected]
I get the following result:
Permission denied (publickey)
I have searched for hours but didn't find what I have done wrong.
If I run ssh -Tvvv [email protected]
I get the following result:
OpenSSH_9.0p1 Debian-1+b1, OpenSSL 3.0.4 21 Jun 2022
debug1: Reading configuration data /home/tasseb/.ssh/config
debug1: /home/tasseb/.ssh/config line 19: Applying options for gitlab-kb
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to gitlab.mydomain.com [160.53.247.6] port 22002.
debug1: Connection established.
debug1: identity file /home/tasseb/.ssh/id_ed25519-gitlab type 3
debug1: identity file /home/tasseb/.ssh/id_ed25519-gitlab-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0p1 Debian-1+b1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5+deb11u1
debug1: compat_banner: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to gitlab.mydomain.com:22002 as 'sbe'
debug1: load_hostkeys: fopen /home/tasseb/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:ofs8tNkzOxuU5AwC2VYbFGPXfERPKXGOFrTatb8hV78
tlab.mydomain.com]:22002
debug1: load_hostkeys: fopen /home/tasseb/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[gitlab.mydomain.com]:22002' is known and matches the ED25519 host key.
debug1: Found key in /home/tasseb/.ssh/known_hosts:4
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/tasseb/.ssh/id_ed25519-gitlab ED25519 SHA256:7BtjWt7Ysd40SJ1xX1sBlZb7PJqUW5K2NhxDBvtIgfY explicit 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tasseb/.ssh/id_ed25519-gitlab ED25519 SHA256:7BtjWt7Ysd40SJ1xX1sBlZb7PJqUW5K2NhxDBvtIgfY explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
Thanks for your help.
2 Answers
I was sure it was something simple that I had omitted. So this morning I just continued to set up my git project locally and did the first push using my user and password. That worked well. Then I edited my .ssh/config file, changing my username to "git" as suggested by @VonC. I re-ran the test, it asked for the passphrase for the key, and everything is OK. I thought I could set up the ssh before doing a first push or setting the origin locally, but it seems not.
Thanks again for your precious comments.
Using SSH URL with a GitLab on-premise server should always involve the technical account git, not "myuser".
See "Verify that you can connect"
GitLab will authenticate you through the public key registered to the GitLab user account SSH setting page.
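As an added example (not part of the question or either answer), the sketch below triages `ssh -v` output like the log in the question: it extracts the login user and the offered keys, then separates a wrong login user from a key that is simply not registered. The function names are hypothetical, and it assumes the server uses the default `git` service account.

```python
import re

# Constructed input: key lines copied from the `ssh -Tvvv` output in the question.
SAMPLE_LOG = """\
debug1: Connecting to gitlab.mydomain.com [160.53.247.6] port 22002.
debug1: Authenticating to gitlab.mydomain.com:22002 as 'sbe'
debug1: Offering public key: /home/tasseb/.ssh/id_ed25519-gitlab ED25519 SHA256:7BtjWt7Ysd40SJ1xX1sBlZb7PJqUW5K2NhxDBvtIgfY explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
"""

AUTH_RE = re.compile(r"Authenticating to (?P<host>\S+?):(?P<port>\d+) as '(?P<user>[^']*)'")
OFFER_RE = re.compile(r"Offering public key: (?P<path>\S+) (?P<type>\S+) (?P<fp>SHA256:\S+)")
ACCEPT_RE = re.compile(r"Server accepts key: (?P<path>\S+)")


def parse_ssh_debug(log: str) -> dict:
    """Extract who the client logged in as and which keys were offered/accepted."""
    info = {"host": None, "port": None, "user": None,
            "offered": [], "accepted": [], "exhausted": False}
    for line in log.splitlines():
        if m := AUTH_RE.search(line):
            info.update(host=m["host"], port=int(m["port"]), user=m["user"])
        elif m := OFFER_RE.search(line):
            info["offered"].append((m["path"], m["type"], m["fp"]))
        elif m := ACCEPT_RE.search(line):
            info["accepted"].append(m["path"])
        elif "No more authentication methods to try" in line:
            info["exhausted"] = True
    return info


def diagnose(info: dict, service_user: str = "git") -> str:
    """Classify a failed GitLab SSH login; service_user is an assumed default."""
    if info["accepted"]:
        return "ok: server accepted " + info["accepted"][0]
    if not info["offered"]:
        return "no-key-offered: check IdentityFile and ssh-agent"
    if info["user"] != service_user:
        return (f"wrong-login-user: connected as '{info['user']}', "
                f"but GitLab keys are only checked for '{service_user}'")
    return "key-rejected: offered key is not registered in the GitLab profile"


if __name__ == "__main__":
    print(diagnose(parse_ssh_debug(SAMPLE_LOG)))
```
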