Unable to clone repo via SSH [Podman pod, rootless container] #19150

Closed
AsterOps opened this issue Mar 20, 2022 · 4 comments
Labels
issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail type/question Issue needs no code to be fixed, only a description on how to fix it yourself.

Comments

@AsterOps

Gitea Version

1.16.4

Git Version

2.30.2

Operating System

Podman rootless container on openSUSE MicroOS host

How are you running Gitea?

I am running my self-hosted Gitea instance on a home server. I created a simple script to run a Podman pod with Postgres and a Gitea rootless container behind a Caddy reverse proxy:

#!/usr/bin/env bash
set -e
podman pod create --infra -n gitea -p 3000:3000 -p 2222:2222

podman run --pod gitea --name db \
       -e POSTGRES_USER=db \
       -e POSTGRES_PASSWORD=somePassword \
       -e POSTGRES_DB=giteadb \
       -e PGDATA=/var/lib/postgresql/data/pgdata \
       -v db-data:/var/lib/postgresql/data \
       -d docker.io/library/postgres

podman run --pod gitea --name app \
       -e DB_TYPE=postgres \
       -e DB_HOST=localhost:5432 \
       -e DB_NAME=giteadb \
       -e DB_USER=db \
       -e DB_PASSWD=somePassword \
       -v gitea-data:/var/lib/gitea \
       -v gitea-config:/etc/gitea \
       -d docker.io/gitea/gitea:latest-rootless

Caddyfile

my.gitea.instance:443 {
	reverse_proxy HOST_IP:3000
}

I use the built-in SSH server, so in the installation wizard in the browser I put port 2222 and my domain name in the config:

[server]
...
SSH_DOMAIN              = my.gitea.instance
HTTP_PORT               = 3000
ROOT_URL                = https://my.gitea.instance/
DISABLE_SSH             = false
...
START_SSH_SERVER        = true
SSH_PORT                = 2222
SSH_LISTEN_PORT         = 2222
BUILTIN_SSH_SERVER_USER = git
...
DOMAIN                  = my.gitea.instance

Database

PostgreSQL

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

I've set up and added the server, user and port in my sshd_config, added my public key to my user account, and created a repo. During clone I received an error:

> git clone ssh://git@my.gitea.instance:2222/asterops/test.git
Cloning into 'test'...
git@my.gitea.instance: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

In Gitea's log I see only these two lines (I've increased the log level to debug):

2022/03/20 11:23:56 modules/ssh/ssh.go:260:sshConnectionFailed() [W] Failed connection from 10.0.2.100:36362 with error: [ssh: no auth passed yet]
2022/03/20 11:23:56 modules/ssh/ssh.go:262:sshConnectionFailed() [W] Failed authentication attempt from 10.0.2.100:36362

I also manually ran the "Update the '.ssh/authorized_keys' file with Gitea SSH keys." cron task from the UI, but it didn't change anything. What else can I check?

Screenshots

No response

@techknowlogick
Member

> I also manually run Update the '.ssh/authorized_keys' file with Gitea SSH keys. cron task from UI but it didn't change anything. What else can I check?

Rootless doesn't use the authorized_keys file, as it runs an SSH server internal to the golang binary and fetches keys directly from the database.

You mention changing sshd_config; can you provide more details on that? As above, opensshd is not used. Do you mean your ~/.ssh/config?

Are you able to attempt connecting using ssh directly (ssh -vvv -p 2222 git@example.com)? This will give more details on if the expected key is being sent.

techknowlogick added the type/question and issue/needs-feedback labels Apr 12, 2022

@polyurethanegoose

@AsterOps Please verify that this is not connected to issue #17175. I've got the same problem, with the same message in the logs, with a rootless Podman container, and found out that I had to add -o PubkeyAcceptedKeyTypes=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa to my clone commands.
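
The two comments above suggest reading the client's `ssh -vvv` output and point at the ssh-rsa signature algorithm as one cause. The following is an added example, not part of the thread or of Gitea: it classifies a saved client debug log by the OpenSSH messages that separate "key never offered", "key skipped for lack of a mutual signature algorithm" and "key offered but rejected". The function name and the sample logs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the Gitea project. Classifies a client-side
# `ssh -vvv` log read on stdin, e.g. one captured with:
#   ssh -vvv -p 2222 -T git@my.gitea.instance 2> ssh.log
classify_ssh_debug() {
    awk '
        /Offering public key:/          { offered++ }
        /no mutual signature algorithm/ { sigalg++ }
        /Server accepts key:/           { accepted++ }
        /Authentication succeeded/      { ok = 1 }
        END {
            if (ok)             print "authenticated"
            else if (sigalg)    print "sig-alg-mismatch"  # RSA key skipped: ssh-rsa (SHA-1) not enabled in client
            else if (!offered)  print "no-key-offered"    # no identity loaded, or wrong IdentityFile
            else if (!accepted) print "key-rejected"      # server has no match for this key and user
            else                print "accepted-but-failed"
        }'
}

# Constructed sample logs (fingerprints are placeholders, not real keys).
sample_sigalg_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:PLACEHOLDER
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
git@my.gitea.instance: Permission denied (publickey).
EOF
}
sample_rejected_log() {
    cat <<'EOF'
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:PLACEHOLDER
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
EOF
}
sample_ok_log() {
    cat <<'EOF'
debug1: Offering public key: /home/user/.ssh/id_ed25519 ED25519 SHA256:PLACEHOLDER
debug1: Server accepts key: /home/user/.ssh/id_ed25519 ED25519 SHA256:PLACEHOLDER
debug1: Authentication succeeded (publickey).
EOF
}

for s in sample_sigalg_log sample_rejected_log sample_ok_log; do
    printf '%s: %s\n' "$s" "$("$s" | classify_ssh_debug)"
done
```

A `sig-alg-mismatch` result corresponds to the case the `+ssh-rsa` options work around; those options re-enable SHA-1 RSA signatures, so scoping them to this one host in `~/.ssh/config`, or registering an Ed25519 key in Gitea instead, keeps the override from applying to other servers.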

@fengjiongmax

fengjiongmax commented May 26, 2022

I have a similar issue, but I'm not sure if I have the same environment (the search keyword "no auth passed yet" brought me here).

My environment is a TrueNAS SCALE box with Gitea installed via TrueNAS charts, so my installed version is 1.16.8.

After a fresh install, I added the SSH pub key from the Gitea web UI, and ssh [git@gitea] -T failed.

ssh -vvv log:
ssh log with ssh info defined in .ssh/config
ssh log file with bare ssh command

Gitea log shows the same warning as OP.

2022/06/04 03:40:09 modules/ssh/ssh.go:260:sshConnectionFailed() [W] Failed connection from 172.16.33.133:55610 with error: [ssh: no auth passed yet]
2022/06/04 03:40:09 modules/ssh/ssh.go:262:sshConnectionFailed() [W] Failed authentication attempt from 172.16.33.133:55610

Is there anything I can do to provide more information?

@wxiaoguang
Contributor

About the problem for rootless container:

This issue has been inactive for a long time and Gitea 1.16.x is outdated. Feel free to re-open or open a new issue if there is any other problem.

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023