I formatted my Windows 7 laptop and in an attempt to have git setup working again, I installed git and source tree application.
I deleted the SSH Key from gitlab and regenerated the key using ssh-keygen. But when I try to add the SSH Key at gitlab, it throws the following exception :
Key is invalid
Fingerprint has already been taken
Fingerprint cannot be generated
Because of this I am unable to clone the git repository from the source tree application since gitlab is unable to authenticate the SSH key. I followed queries at google groups of gitlab but none of them seem to resolve my issue. Is there any workaround or steps to get the SSH key accepted by gitlab?
In my case, the public key I was trying to add was already used with the 'work' Gitlab account, and I received the said error upon trying to use the same key with the 'personal' Gitlab account.
Solution - Add another public key on the same machine and use that with 'personal' gitlab account (both on same machine).
navigate to .ssh folder in your profile (even works on windows) and run command
ssh-keygen -t rsa
when asked for file name give another filename id_rsa_2 (or any other).
enter for no passphrase (or otherwise).
You will end up making id_rsa_2 and id_rsa_2.pub
use the command
cat id_rsa_2.pub
copy and save key in 'personal' Gitlab account.
create a file with no extension in .ssh folder named 'config'
put this block of configuration in your config file
Host gitlab.com
HostName gitlab.com
IdentityFile C:\Users\<user name>\.ssh\id_rsa
User <user name>
Host gitlab_2
HostName gitlab.com
IdentityFile C:\Users\<user name>\.ssh\id_rsa_2
User <user name>
now whenever you want to use 'personal' gitlab account simply change alias in git URLs for action to remote servers.
for example
instead of using
git clone git@gitlab.com:..............
simply use
git clone git@gitlab_2:...............
doing that would use the second configuration with gitlab.com (from 'config' file) and will use the new id_rsa_2 key pair for authentication.
Find more about above commands on this link
https://clubmate.fi/how-to-setup-and-manage-multiple-ssh-keys/
Gitlab can somehow be using your ssh-key in another account from your past projects, so the easiest way to solve this problem is to create a new ssh key pair, add it to ssh-agent and add id_rsa2.pub to your gitlab account.
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
When it asks:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<NAME>/.ssh/id_rsa):
Please enter /home/<NAME>/.ssh/id_rsa2
$ ssh-add ~/.ssh/id_rsa2
Make sure to cut away everything at the end of the base64 encoded string.
Also remove all newlines so the string contains no newlines.
This did the trick for me.
I got the same error because I already added this key to another account in gitlab.
I tried everything already suggested and nothing worked. What ended up working for me was to copy the public key using a command rather than from a text editor (nano in my case):
pbcopy < ~/.ssh/id_rsa.pub
replacing, if necessary, id_rsa with my specific key name. The above command works on OSX. Other systems require a different command, and they are listed on the following page: http://doc.gitlab.com/ce/ssh/README.html.
In my case I already had the public key added on another repo.
Fix:
On the same GitLab page (Settings -> Repository -> Deploy Keys)
Scroll down and click to the TAB "Privately accessible deploy keys"
Find your "Deploy key" in the list and click the Enable button
Then you are good to go.
My SSH key was stored in an old Gitlab account, I removed it and problem solved.
Text editor could be the problem. Try to open key file with Notepad, not Notepad++.
Also add "ssh-rsa " at the beginning of the key.
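Several answers above trace "Key is invalid" to how the key text was pasted (wrapped lines, a missing "ssh-rsa " prefix, the private key instead of the .pub file) and "Fingerprint has already been taken" to the same key being registered elsewhere. The following is an added example, not code from any of the posts or from GitLab: a local check of the pasted text that also computes the SHA256 fingerprint string that ssh-keygen -lf prints. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def inspect_pubkey(text):
    """Check pasted OpenSSH public-key text; return (key_type, fingerprint)."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; paste the .pub file instead")
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("key must be exactly one line (it was wrapped or split)")
    fields = lines[0].split()
    if len(fields) < 2 or not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):
        raise ValueError("expected '<type> <base64> [comment]'; type prefix missing")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError if damaged
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key data is truncated")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key data is truncated or does not match its type prefix")
    digest = hashlib.sha256(blob).digest()
    # Fingerprint format: "SHA256:" + unpadded base64 of SHA-256 over the blob.
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def same_key(a, b):
    """True when two key lines carry the same key (the comment is ignored)."""
    return inspect_pubkey(a)[1] == inspect_pubkey(b)[1]

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: 32 arbitrary bytes standing in for an Ed25519 public key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_LINE = "ssh-ed25519 " + SAMPLE_B64 + " work@laptop"

if __name__ == "__main__":
    print(inspect_pubkey(SAMPLE_LINE))
    # Same key under a different comment: identical fingerprint, so a server
    # that enforces unique fingerprints treats it as already registered.
    print(same_key(SAMPLE_LINE, "ssh-ed25519 " + SAMPLE_B64 + " personal@laptop"))
```

Changing only the comment at the end of the line does not change the fingerprint; a different fingerprint requires a newly generated key pair.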
Make a New Key
None of the above solutions worked for me so I backed up my old key and created a new one.
https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
#osx10.12.6
In my case, my public key must have somehow been attached to a specific repository.
I went back and deleted two old repositories and after that it allowed me to add the public key to my GitLab account without any problems.
Add new ssh key
The previous ssh key is probably in use by another user. When someone else uses an ssh key you get this error. Don't worry, create a new ssh key and use it.
In the same gitlab setting page where you tried to add the deploy key scroll down a little bit and you shall find a tab called "Privately accessible deploy keys". Click it and you shall find the key you tried to add listed there. Just click "Enable" from next to it and it would work !
If all these suggestions don't work:
First of all - don't deal with security keys while exhausted or in a hurry, so as not to make silly mistakes (my case).
Secondly - copy the public key as the GitLab deploy key, not the private one (my case as well; despite understanding well how keys work, I was just in a hurry).
In my case, I had not added an existing Deploy key to any other project before, and I was not a member of any project.
In order to be able to enable the deploy key for a new project, you need to add yourself as a member to a project where this key has already been enabled.
Then in the New Project-Settings-Repository-Deploy keys-Privately accessible deploy keys list, you will see this key and the Enable button.
The answer is found in this documentation
https://gitlab-docs.creationline.com/ee/user/project/deploy_keys/
In the Privately accessible deploy keys tab, you can enable a private
key which has already been imported in a different project. If you
have access to these keys, it's because you have either:
Previously uploaded the keys yourself in a different project.
You are a maintainer or owner of the other project where the keys were imported.
But if you have GitLab admin profile, it's enough even to have "User" privileges as a member for the project.
I'm new to Gitlab and private/public keys.
I have a project in my local machine with git initialized, and a few commits.
I created a private repo in Gitlab.
I also created a private/public key and added the public key to gitlab.
When i try to push with git push -u origin --all I get this message:
The authenticity of host 'gitlab.com (**xxx.xxx.xx**)' can't be established.
ED25519 key fingerprint is SHA256:**xxxxxxxxx**.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
If I type yes I get this message:
Warning: Permanently added 'gitlab.com' (ED25519) to the list of known hosts.
Connection closed by **xxxxxxxxxx** port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Then, when I try to push again, I get the same message as the first one.
Since I'm the only one attached to the project, shouldn't Gitlab ask me (supposedly the only one who can push to the private repo) for my credentials when I try to push to it and then, and only then, let me push to it?
Besides that, if I unprotect the branch, I can push to it using --force. But (and correct me if I'm wrong), if I unprotect the branch, anyone with the url will be able to push to the repository, since gitlab also does not ask for my credentials when I try to push to it using --force.
I'm sorry if the question is dumb, I'm just having a hard time trying to figure out how to protect my repo from unauthorized access.
How can I keep the branch protected, and only be allowed to push to it using some type of auth, like gitlab asking me for my credentials?
thanks
Seems like your ssh-agent is not using the correct key. Add the following configuration to ~/.ssh/config
Host gitlab.com
  HostName gitlab.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/path_to_private.key
I hope this will fix your issue
I have gitolite installed. I'm able to administer it fine. I've added a few new repos, and a few pub keys. Installed as 'git@domain.com' and a repo added for a user as repo.git.
Does it have to be git@domain.com:repo.git to access, or is there a way to indicate the user in the url?
Possibly something like user@domain.com:repo.git or git.domain.com/user/repo.git for example?
No, it has to be git@domain.com because the user is always the same: the git account you are using to install and administer gitolite on your server.
The actual user is deduced from the public key you are using when making your ssh call.
If you registered that key with the user.pub file representing said public key named after the user's login, then gitolite will be able to identify you.
For more, see "how gitolite uses ssh".
If you look in the authorized_keys file, you'll see entries like this (I chopped off the ends of course; they're pretty long lines):
command="[path]/gitolite-shell sitaram",[more options] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA18S2t...
command="[path]/gitolite-shell usertwo",[more options] ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArXtCT...
First, it finds out which of the public keys in this file match the incoming login.
Once the match has been found, it will run the command given on that line; e.g., if I logged in, it would run [path]/gitolite-shell sitaram.
So the first thing to note is that such users do not get "shell access", which is good!
When gitolite-shell gets control, it looks at the first argument ("sitaram", "usertwo", etc) to determine who you are. It then looks at the SSH_ORIGINAL_COMMAND variable to find out which repository you want to access, and whether you're reading or writing.
Now that it has a user, repository, and access requested (read/write), gitolite looks at its config file, and either allows or rejects the request.
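The flow quoted above (key match, forced command, SSH_ORIGINAL_COMMAND, access decision) can be traced with a small model. This is an added example, not gitolite's code: the install path, key blobs, access table and function names are all constructed for illustration, and the real access rules live in gitolite's own config.

```python
import re
import shlex

# Constructed authorized_keys lines in the shape quoted above; the path and
# key blobs are placeholders, not real keys.
AUTHORIZED_KEYS = """\
command="/opt/gitolite/gitolite-shell sitaram",no-pty ssh-rsa AAAAB3NzaC1yc2E-KEY-ONE
command="/opt/gitolite/gitolite-shell usertwo",no-pty ssh-rsa AAAAB3NzaC1yc2E-KEY-TWO
"""

# Hypothetical access table standing in for gitolite's config file.
ACL = {"workrepo": {"sitaram": "RW", "usertwo": "R"}}
GIT_VERBS = {"git-upload-pack": "R", "git-upload-archive": "R", "git-receive-pack": "W"}
ENTRY = re.compile(r'command="[^"]*gitolite-shell ([^"\s]+)"\S*\s+(\S+)\s+(\S+)')

def user_for_key(key_blob, authorized_keys=AUTHORIZED_KEYS):
    """sshd's part: find the line whose key matches; return its forced-command user."""
    for line in authorized_keys.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3) == key_blob:
            return m.group(1)
    return None

def parse_request(original_command):
    """gitolite-shell's part: SSH_ORIGINAL_COMMAND -> (repo, 'R' or 'W')."""
    parts = shlex.split(original_command)
    if len(parts) != 2 or parts[0] not in GIT_VERBS:
        raise PermissionError("not a git command; there is no shell access")
    repo = re.sub(r"\.git$", "", parts[1].lstrip("/"))
    if not re.fullmatch(r"[A-Za-z0-9][\w.\-/]*", repo) or ".." in repo:
        raise PermissionError("bad repository name")
    return repo, GIT_VERBS[parts[0]]

def authorize(key_blob, original_command):
    """Identity comes from the key, never from the login name (always 'git')."""
    user = user_for_key(key_blob)
    if user is None:
        raise PermissionError("unknown key")
    repo, access = parse_request(original_command)
    if access not in ACL.get(repo, {}).get(user, ""):
        raise PermissionError(f"{user} denied {access} on {repo}")
    return user, repo, access

if __name__ == "__main__":
    print(authorize("AAAAB3NzaC1yc2E-KEY-ONE", "git-receive-pack 'workrepo.git'"))
```

A push arrives as git-receive-pack and a clone or fetch as git-upload-pack, which is how the read/write distinction is made without the client naming a user.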
We've recently set up Gitolite server. All seems well. I can connect to it without a problem.
A new user has been set up, he's on a Mac and trying to use SourceTree. The only way I could get him to connect was for him to attempt to ssh to the server and I typed in the password (exited afterwards). Without that the system kept asking for a password for that server.
Is this normal behaviour?
How do non-sysadmin users gain access to gitolite?
Gitolite is based on forced command, which means non-interactive session.
So:
no password should ever be entered (assuming here non-password protected private key).
(as detailed in "how gitolite uses ssh").
no "non-sysadmin" should ever gain access to gitolite server itself.
So all he should need is a public key stored in ~/.ssh (making sure both his home and .ssh aren't group or world writable), registered in gitolite-admin/keys and published on the gitolite server .ssh/authorized_keys file.
From there, as mentioned in "Sourcetree and Gitolite":
If you are cloning a remote git repository, you need to tab out of the Source path/ URL field to activate the clone button.
The url will be validated at that point.
The url needs no special syntax working with gitolite, and even respects the host entries in your ssh conf file. So in my case a url of gitolite:workrepo is sufficient.
I am working on several projects in different subversion repositories using tortoise. How do I save the credentials for all my projects so I don't have to enter username/password every time? If I save the credentials, only the latest credentials are saved, forcing me to clear the cache before using tortoise on another project.
thanks
Thomas
I also use XP-Dev with more than one login and had the same issue.
I used the following svn command line to do the initial checkout:
svn checkout http://xp-dev.com/svn/ProjectName c:\dev\projectfolder --username myusername --password mypassword
This checked out the project and the credentials were saved so that Tortoise SVN worked following this.
The credentials are saved for every authentication realm string.
If you want to use different auth data for different repositories, include the repository name in the realm string of your server.
Go in TortoiseSVN -> Settings-> Store Data
Click the clear button. Then it will ask you to log in on each push
See the image
Workaround if you have only 2 credentials: for 1 of them, replace the address xp-dev.com with its IP address so that from SVN Tortoise point of view, there are 2 distinct servers.
I am using git-svn to develop code that is hosted on a SVN+SSH repository. I do not have to input my ssh password on the server every time I dcommit/update/rebase, so I assume it is cached somewhere.
Where are my credentials saved? Inside the .git directory, or globally in some dot-file in my home directory?
I ask because my git repository is public-readable on my home directory (we have a homes-are-readable policy in our laboratory), and I am afraid that this might leak my ssh credentials to all the lab.
Thanks.
As noted in Does Git-Svn Store Svn Passwords?, they are stored in ~/.subversion, so as long as your home directory itself is not public readable you shouldn't have a problem (though as I've just read your last line a bit more thoroughly, you may have a problem).
Have you configured your SSH server to use key-based authentication? It's likely that your private key (password protected or not) is in ~/.ssh/id_rsa or ~/.ssh/id_dsa (the public key being the .pub file associated with them). You should definitely protect those directories, although, in most cases, ssh won't even let it work if they're readable by someone else (other than root).