ssh through port 443 on gitlab not working - gitlab

I am trying to use port 443 to push and pull my GitLab repository since my port 22 has been blocked (reference: https://about.gitlab.com/2016/02/18/gitlab-dot-com-now-supports-an-alternate-git-plus-ssh-port/).
I have given below the config file that I created (I created a new ssh key that I updated in my GitLab profile. Note: I did not add the server key as a deploy key; rather, I just added it in my profile).
My config file:
Host gitlab.com
Hostname altssh.gitlab.com
User gitlabusername
Port 443
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa.pub
I keep getting the following error:
permission denied (publickey)
fatal: Could not read from remote repository
Could the error be because of something other than the ssh key?
Regards,
Galeej

I just configured it and it's working well for me.
In your config file you need to use the private key id_rsa for authenticating not the public one id_rsa.pub
Host gitlab.com
Hostname altssh.gitlab.com
User git
Port 443
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
You may test the connection using this command: ssh -T -p 443 git@altssh.gitlab.com
Make sure that you already added the public key id_rsa.pub to your GitLab account as described here.

Related

How to SSH tunnel from jump server to another server without directly logging in to the jump server

I know, this question has been asked a lot, but still I have problems using ssh proxy.
I have an EC2 server (running a simple web server) which is in a private network in aws. And have a jumphost to connect to it. jumphost is in a public network. Only way I can login in to the web server instance is through the jumphost.
So I have created ~/.ssh/config file in my local computer as below:
Host jumphost
Hostname <Retracted-Public-IP>
user ec2-user
IdentityFile /Users/jananath/.ssh/private-key.pem
I can log in to the jumphost as: ssh jumphost and it works.
And in the jumphost above I have configured ~/.ssh/config as below:
Host my-web-server
Hostname <Retracted-Private-IP>
user ec2-user
IdentityFile ~/.ssh/web-server-private-key.pem
And I can ssh into the web server (from jumphost) as ssh my-web-server and it works.
I don't want to log in to the jumphost everytime I need to log into the web server, so I tried proxying.
Therefore, I added another block to my local ~/.ssh/config file as below:
Host jumphost
Hostname <Retracted-Public-IP>
user ec2-user
IdentityFile /Users/jananath/.ssh/private-key.pem
Host my-web-server
ProxyCommand ssh jumphost -W %h:%p
And I tried: ssh my-web-server and it gives the below output:
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
Can someone help me fix this?
This should work:
Host my-web-server
ProxyCommand ssh jumphost nc %h %p
You can also try:
ssh -oProxyCommand="ssh -W %h:%p jumphost" my-web-server
A third command worth trying:
ssh -J jumphost my-web-server
Copy the public key of your local machine to ~/.ssh/authorized_keys of the remote machine and not just the jump server. This will enable passwordless login from the local machine using ssh -J. If your IP is IPv6, make the following modification in the config file of your local machine.
Host jumphost
Hostname Retracted-Public-IPv6
user ec2-user
IdentityFile /Users/jananath/.ssh/private-key.pem
Host my-web-server
ProxyCommand ssh jumphost -W [%h]:%p
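
Added example (not part of the original posts): a small awk-based lint for the client-side mistakes in the two threads above, namely an IdentityFile that points at the .pub file, a User other than git for GitLab/GitHub, and a proxied Host stanza with no HostName. The function name lint_ssh_config is hypothetical, and the sample config with its 203.0.113.10 address is constructed.

```shell
#!/bin/sh
# Added example: lint an OpenSSH client config for three mistakes from this page.
# Assumes one "Keyword value" pair per line (no "Keyword=value", no Match blocks).
lint_ssh_config() {
    awk '
    function report() {
        # GitLab.com and GitHub take Git-over-SSH logins as the user "git".
        if (user != "" && user != "git" && (host " " target) ~ /(gitlab|github)\.com/)
            print host ": User " user " is not the git account; use User git"
        # With -W %h:%p, nc %h %p or ProxyJump, %h is HostName or, failing
        # that, the bare alias, which the jump host then has to resolve.
        if (proxied && !has_hostname)
            print host ": proxied stanza has no HostName; jump host must resolve " host
    }
    /^[ \t]*(#|$)/ { next }
    { key = tolower($1) }
    key == "host" {
        if (host != "") report()
        host = $2; user = target = ""; proxied = has_hostname = 0; next
    }
    key == "hostname" { has_hostname = 1; target = tolower($2) }
    key == "user"     { user = $2 }
    key == "identityfile" && $2 ~ /\.pub$/ {
        print host ": IdentityFile " $2 " is a public key; use the private key file"
    }
    key == "proxyjump" || (key == "proxycommand" && /%h/) { proxied = 1 }
    END { if (host != "") report() }
    ' "$@"
}

# Constructed sample: the GitLab stanza from the first question plus the jump-host setup.
sample_config() {
    cat <<'EOF'
Host gitlab.com
    Hostname altssh.gitlab.com
    User gitlabusername
    Port 443
    IdentityFile ~/.ssh/id_rsa.pub
Host jumphost
    Hostname 203.0.113.10
    User ec2-user
Host my-web-server
    ProxyCommand ssh jumphost -W %h:%p
EOF
}

sample_config | lint_ssh_config
```

Pass a file name instead of piping, for example lint_ssh_config ~/.ssh/config; no output means none of the three patterns was found.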

I can't clone on gitlab with ssh

I can clone over https just fine but after I connect my ssh key, I keep getting the following error:
ssh: connect to host gitlab.example.com port 22: Operation timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I've tried deleting and recreating the ssh key and adjusting the config port to 443 and nothing has worked.
If this is an on-premise GitLab installation (meaning not gitlab.com), chances are port 22 should not be blocked.
Double-check that with:
curl -v telnet://gitlab.example.com:22
Switching to 443 would rather involve HTTPS (github.com does have an SSH listener on port 443 or ssh.github.com, but that is probably not the case for your own GitLab server), unless your server is configured to do so on altssh.gitlab.example.com.

git clone failed to begin relaying via HTTP

When using git clone, I run into an error.
Here is the command and the error information.
[user@linux]$ git clone git@github.com:username/repertory.git
FATAL: failed to begin relaying via HTTP.
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Except for git@github, git clone https://...... and git clone git://...... work well. So I guess there is something wrong with the ssh protocol, so I checked ssh.
[user@linux]$ ssh -T git@github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
It seems that I can connect to github through ssh protocol properly. But what's wrong with git clone through ssh?
This error message comes from connect.c from SSH
It is a SSH Proxy Command -- connect.c, the simple relaying command to make network connection via SOCKS and https proxy: You can make SSH session beyond the firewall with this command.
So check if such a connection is needed: it could very well be needed if you are in an enterprise, behind firewall, but in that case do contact your IT support team to check the validity/approval of such a solution.
And that error message indicates that even this SSH mode (relay through https proxy) might be blocked.
If you are not in an enterprise setting, and don't need proxy, do remove them (HTTPS(S)/PROXY) from your environment variables and your git config file.
If you're using a Proxy, many corporate firewalls block access to the CONNECT method on ports other than 443. GitHub operates an SSH server listening on port 443, using the host "ssh.github.com".
First, configure your SSH ~/.ssh/config with the following:
Host github.com ssh.github.com
User git
Hostname ssh.github.com
Port 443
ProxyCommand socat - PROXY:localhost:%h:%p,proxyport=3128
In the example above I'm assuming you're running a web proxy on host localhost and port 3128 (e.g. cntlm).
You may also substitute socat with nc or connect-proxy with slightly different syntax.
Test with:
ssh -T git@ssh.github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
then with:
git clone git@ssh.github.com:username/repository.git

Jenkins cannot SSH into github

Running ubuntu on EC2 instance. I want to setup Jenkins SSH with my github server, but when I run the command
ssh -vT git@github.com
I receive the following output:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [192.30.253.113] port 22.
ssh: connect to host github.com port 22: Connection timed out
My ssh key for jenkins is located in the /var/lib/jenkins/.ssh folder, but it looks as if ssh config data is being read in the /etc/ folder
I have added the public SSH key to my github account and have verified that I did so as one line.
What else am I missing?
I came across this Creating SSH keys for Gerrit and Hudson as a potential reason why it is not connecting, but I find it highly unlikely that the last time this occurred for somebody was 5 years ago.
This looks more like a networking issue as you receive a Connection timed out error.
So, first check that you can really connect to the github server, e.g. using nmap or telnet; the output should look like this if networking is ok:
$ telnet github.com 22
Trying 192.30.253.112...
Connected to github.com.
Escape character is '^]'.
SSH-2.0-libssh-0.7.0
ssh keys are usually located in $HOME/.ssh/ (where $HOME is the home directory of the user that runs the Jenkins master) -- the folder /var/lib/jenkins/.ssh looks at least unusual.
The directory /etc/ssh contains system-wide ssh configuration data, it will always be read and is not intended for user-specific configuration items.
Turns out that EC2 doesn't seem to let me connect to github via port 22.
I tested this via Alex O's suggestion that I attempt to telnet into git
My solution:
Use SSH through the HTTPS port
Change the config file for github to
ssh through 443
Profit
Major cred to @AlexO

server to server copy using custom port and private key with passphrase parameter

While copying a file from server to server, the scp command with a custom port and a private key with passphrase parameter gives an error.
The command is like:
scp -i xxxxxxx.pem -P xxxxx /path/source-file.zip root@example.com:/path/to/destination/file.zip
Error message:
ssh: connect to host example.com port xxxxx: Connection timed out
lost connection
Connecting to example.com using the private key (with custom port and passphrase) works fine, but it does not work when we use the scp command.
This syntax is not working for me.
So I have used alternate methods like wget and curl.
