I am setting up my SSH keys with github. Did it numerous times earlier so i am pretty much sure that i am doing it right. But its not working. whenever i clone it just gets stuck there for around 5-10 mins and then returns this
Cloning into 'sentry-python'...
Connection to github.com closed by remote host.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Ran this command to check what's going on ssh -vT git#github.com. One of the many lines in output has this
Authenticated to github.com ([13.234.176.102]:22) using "publickey".
Followed official documentation for setting up keys. I believe its something else.
UPDATE:
HTTPs works fine
Output from: ssh -vT git#github.com
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [13.234.176.102] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version babeld-92f10f70
debug1: compat_banner: no match: babeld-92f10f70
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: <SERVER HOST KEY HERE>
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
debug1: Will attempt key: /home/user/.ssh/id_ecdsa
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/user/.ssh/id_ed25519
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/user/.ssh/id_xmss
debug1: Will attempt key: /home/user/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp256-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ssh-ed25519#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
Authenticated to github.com ([13.234.176.102]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts for github.com / (none)
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /home/user/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_IN"
Okay. So earlier logs where till LANG = "en_IN". Now after altering some permission of my keys here's the updated log.
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [13.234.210.38] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version babeld-92f10f70
debug1: compat_banner: no match: babeld-92f10f70
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: <SERVER HOST KEY>
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/id_rsa <KEY HERE> agent
debug1: Will attempt key: /home/user/.ssh/id_ecdsa
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/user/.ssh/id_ed25519
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/user/.ssh/id_xmss
debug1: Will attempt key: /home/user/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp256-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ssh-ed25519#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
Authenticated to github.com ([13.234.210.38]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts for github.com / (none)
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /home/user/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_IN"
PTY allocation request failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi targhs! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Connection to github.com closed.
Transferred: sent 3888, received 2812 bytes, in 0.6 seconds
Bytes per second: sent 6234.8, received 4509.3
debug1: Exit status 1
TL;DR link to what might as well be a duplicate here.
Explanation (long-ish)
You have something new in your edit: agent refused operation. That's the problem here. You are using an ssh agent, and it's the agent that must pass the private key (of the public/private key-pair) to ssh so that your ssh can decrypt the challenge that GitHub have sent to your ssh.
The way ssh authentication works (boiled down a bit) is this:
Your ssh client (ssh command) opens a channel to the host (in this case GitHub).
Your client tells them you'd like to log in as some user name (in this case git: GitHub always requires this as a constant).
Their ssh server then says: I might let you in, provided you prove to me that you have permission. Send me a public key.
Your client then pokes around to look for a public key to send. It finds one and sends it.
Their server checks to see if that ssh key is a valid key. It is; it's registered to you. But maybe you're not targhs. Maybe you've snagged the public key from the real targhs, and this connection is from an imposter! So they want to make sure you're really targhs. They use the public key to encrypt a random value, and send you—or rather, your client ssh—the value, challenging you to decrypt it.
Your client now requires the private key.
It's pretty common to have both public and private keys stored in a file on your computer (e.g., on your laptop). When this is the case, your ssh client can just open and read the private key file, giving it access to that private key. For security purposes, though, you can do one or both of these two things:
Not supply the private key at all. Keep it only in an agent.
Keep the private key in an encrypted file, so that a decryption key—separate from the public and private key—is required to read the private key.
If you've done either or both of these, your ssh client now needs help.
To get that help, your ssh client can:
interact directly with you, the user, via the keyboard: this may or may not be permitted; or
consult an ssh agent.
The ssh agent enables ssh clients to interact with you, the user, and provide the (secret) private key, even if it's not on the computer on which you're running ssh, or if it's just encrypted, or whatever. To do that, the ssh client asks the ssh agent for the key.
Your ssh agent says: Nuh-uh, not gonna give you the key!
Why does your ssh agent say that? That's the mystery here; that's what you have to figure out. There are multiple possible reasons. Fortunately, they're all pretty well covered in a separate StackOverflow question and answers: see How to solve "sign_and_send_pubkey: signing failed: agent refused operation"?
I made git server on digital ocean and work fine but I want to change authorization from password to SSH key.
Now it's working nice for SSH/SFTP with this server and also with my pi. But git don't want to cooperate.
I have:
/home/git/.ssh on permission 700
/home/git/.ssh/authorized_keys on 644
Shell for git: /usr/bin/git-shell
And on local machine set .ssh/config to load private key from encrypted pendrive
isaac#Isaac-Debian:~$ ssh -vT server
OpenSSH_7.4p1 Debian-10+deb9u3, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /home/isaac/.ssh/config
debug1: /home/isaac/.ssh/config line 1: Applying options for git-server1.iofist.de
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to serwer ******** port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/isaac/secret/server1git type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/isaac/secret/server1git-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u2
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to server:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:LyaAW9P8EIqkyuf/lEuEIKWTTeu2/3XbOyxx8TmPXa8
debug1: Host 'server1.iofist.de' is known and matches the ECDSA host key.
debug1: Found key in /home/isaac/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/isaac/secret/server1git
Enter passphrase for key '/home/isaac/secret/server1git':
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
debug1: Trying private key: /home/isaac/secret/server1git
Enter passphrase for key '/home/isaac/secret/server1git':
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
At first it still wants you to have public key, so you must create it too. Second make sure you run ssh as a root. It will resolve the conflicts with Permission denied (publickey).
There are many similar questions and answers related to this authorization issue --- "Permission denied (publickey)". However, none of them works for my problem...
Here is my situation: I am using Amazon web server EC2 and my PC connects well with the server. For the next step, I was trying to install git on the server. The result which I was hoping to accomplish is updating the server-end when I push from local. But here the problem showed up: "Permission denied (publickey)"
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/IvyLin/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 52.68.24.4 [52.68.24.4] port 22.
debug1: Connection established.
debug1: identity file /Users/IvyLin/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/IvyLin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 52.68.24.4:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305#openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305#openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ieQEskLZ3tiW76F5KPhlQfHcGYFW+SifiIDQnBUZHmY
debug1: Host '52.68.24.4' is known and matches the ECDSA host key.
debug1: Found key in /Users/IvyLin/.ssh/known_hosts:5
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/IvyLin/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/IvyLin/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/IvyLin/.ssh/id_dsa
debug1: Trying private key: /Users/IvyLin/.ssh/id_ecdsa
debug1: Trying private key: /Users/IvyLin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
One thing I am wondering is where should I put the public key exactly? There is one .ssh file for "validate server connection" already in the server, path: ~/.ssh and it works for me.
In terms of the ssh key for git, I created another .ssh folder inside the git folder, path: ~/home/git/.ssh. Which file does it look for during the connection? Though I've tried to put the public key into ~/.ssh, but still, it does not work...
I've been stuck there for so long time and really appreciated if someone can help me out! Workarounds to achieving "update as push" will also help me out!
One thing I am wondering is where should I put the public key exactly?
you have to put the public key on your git server under your account.
Which file does it look for during the connection?
you have to copy the ~/.ssh/id_rsa.pub to your git server account
I've recently installed this stack on AWS EC2:
https://aws.amazon.com/marketplace/pp/B00NO1HJ56/ref=srh_res_product_title?ie=UTF8&sr=0-2&qid=1461119036279
The instance's system log says that the SSH keys were installed here:
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
I have added the public key to my Github account and the fingerprints match.
When cloning a repo I get:
Permission denied (publickey).
From the Github help section https://help.github.com/articles/error-permission-denied-publickey
I run: ssh -vT git#github.com and get:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to github.com [192.30.252.122] port 22.
debug1: Connection established.
debug1: identity file /home/bitnami/.ssh/id_rsa type -1
debug1: identity file /home/bitnami/.ssh/id_rsa-cert type -1
debug1: identity file /home/bitnami/.ssh/id_dsa type -1
debug1: identity file /home/bitnami/.ssh/id_dsa-cert type -1
debug1: identity file /home/bitnami/.ssh/id_ecdsa type -1
debug1: identity file /home/bitnami/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/bitnami/.ssh/id_ed25519 type -1
debug1: identity file /home/bitnami/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/bitnami/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bitnami/.ssh/id_rsa
debug1: Trying private key: /home/bitnami/.ssh/id_dsa
debug1: Trying private key: /home/bitnami/.ssh/id_ecdsa
debug1: Trying private key: /home/bitnami/.ssh/id_ed25519
debug1: No more authentication methods to try.
I seems the ssh agent is searching /home/bitnami/.ssh/ but the keys are located in /etc/ssh
This is the contents of /home/bitnami/.ssh
authorized_keys
known_hosts
And this is the contents of /etc/ssh
moduli
ssh_host_dsa_key
ssh_host_ecdsa_key.pub
ssh_host_rsa_key
ssh_config
ssh_host_dsa_key.pub
ssh_host_ed25519_key
ssh_host_rsa_key.pub
sshd_config
ssh_host_ecdsa_key
ssh_host_ed25519_key.pub
ssh_import_id
If I check what keys are added to the ssh agent I get:
$ ssh-add -l I get:
The agent has no identities.
Is this simply a matter of adding my public key in /etc/ssh/ to the ssh agent by using ssh-add, so it knows where to look?
I don't understand why the keys are were not installed in /etc/hosts rather than the home directory.
The solution is simply to ignore the keys in /etc/ssh. These keys are used by AWS to access the instance and belongs to the system rather than a user.
So I just generated new keys for the bitnami user and those keys are now correctly sitting in /home/.ssh/
I can now pull my repo from Github.
Hey Im in trouble with my gitlab server on Ubuntu 14.04 64Bit
Establish a connection via ssh is not working.
The connection to the server via ssh with the same keys works fine.
The key for github is saved at
/var/opt/gitlab/.ssh/authorized_keys
and begins with
command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-4",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
the auth.log gives the following message
input_userauth_request: invalid user git [preauth]
Connection closed by 139.13.201.xxx [preauth]
the output from ssh -vt
OpenSSH_7.1p2, OpenSSL 1.0.2e 3 Dec 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xxx.com [85.214.233.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/hsync/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/hsync/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to xxxx.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305#openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305#openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:gIp2PDQMrB5497SLo+rflwFRdg8FJODSWPklNbgFHvo
debug1: Host 'felixschulze.com' is known and matches the ECDSA host key.
debug1: Found key in /home/hsync/.ssh/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/hsync/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/hsync/.ssh/id_dsa
debug1: Trying private key: /home/hsync/.ssh/id_ecdsa
debug1: Trying private key: /home/hsync/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
I ve found the following hint on gitlab faqs
https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide#ssh
But there is no /home/git directory.
[1] git user in passwd
git:x:998:998::/var/opt/gitlab:/bin/sh
Hope you can give me any advise.
Thanks for helping
[1]Edit
Oh, shame on me, I switched off PAM in the sshd_config, during some expirements with ssh and never switched it on.
The SSH troubleshooting is written assuming GitLab is installed with a git account in /home/git (and include a /home/git/.ssh/authorized_keys)
If that is not your case, but ssh still uses 'git', that means your GitLab config still references the default user git
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
# user: git