Adding new key not working - Ssh key names


Todd D. Taft

Jan 8, 2024, 12:34:21 PM
to gito...@googlegroups.com
I’m trying to add a new SSH key to my gitolite system, but it doesn’t seem to be getting recognized, as attempting to use git push from the machine account gives me a password prompt for the git user.

I’ve copied the key onto an account that does work with gitolite.  I’ve put the public key in the keydir directory and added the key to an entry in conf/gitolite.conf.  After that, I did git add -A, git commit, git push, and all of those seemed to work (using an older set of SSH keys).

However, access from the new key isn’t working.  The key is an ed25519 one, and it does connect to a normal shell of a different user account on the gitolite server using “regular” ssh if the public key is placed in ~/.ssh/authorized_keys.

I’m wondering if I’ve somehow gotten the key name wrong, as I noticed that the new key doesn’t appear on the server’s ~/.ssh/authorized_keys file.  For the purposes of gitolite and the gitolite.conf file, what is the name of the key?  Does it come only from the filename, the comment string, or something else?  Do those things have to match?  Is it a problem if the key was generated with non-default options like ssh-keygen … -C comment?  Are there characters that you can’t use in those names?  Is there something else that I'm missing?

Todd D. Taft




Sitaram Chamarty

Jan 8, 2024, 8:14:38 PM
to Todd D. Taft, gito...@googlegroups.com
On Mon, Jan 08, 2024 at 12:34:11PM -0500, Todd D. Taft wrote:

> For the purposes of gitolite and the gitolite.conf file, what
> is the name of the key? Does it come only from the filename,
> the comment string, or something else? Do those things have
> to match?

Just the filename. "alice.pub" means the gitolite username is
"alice".

> Is it a problem if the key was generated with non-default
> options like ssh-keygen … -C comment? Are there characters
> that you can’t use in those names? Is there something else
> that I'm missing?

Comments inside the pubkey do not matter.

You should probably check the logs to see if the push succeeded
and the post-update hook ran, then check the keydir inside
~/.gitolite to see if the key made it, and so on.

Specifically, the logs should contain (among others) lines
similar to these:

<TIMESTAMP> <PID> system,gitolite compile
<TIMESTAMP> <PID> system,gitolite trigger POST_COMPILE
<TIMESTAMP> <PID> system,/home/g3/gitolite/src/triggers/post-compile/ssh-authkeys,POST_COMPILE

Then you should also see "alice.pub" (or whatever you called it)
in ~/.gitolite/keydir on the server.

Todd Taft

Jan 10, 2024, 6:32:09 AM
to gitolite
That's not what I'm seeing in the logs:

This is what I see when I do a push to gitolite-admin:

2024-01-10.05:34:24     819154  ssh     ARGV=admin      SOC=git-receive-pack 'gitolite-admin'   FROM=127.0.0.1
2024-01-10.05:34:25     819154  pre_git gitolite-admin  admin   W       any     refs/.*
2024-01-10.05:34:25     819154  update  gitolite-admin  admin   W       refs/heads/master       be4ae25d441882977455885edcc3b6bc7fc66ed7        42fefad27159abbb4f64c4124e12d96dab2249ec        refs/.*
2024-01-10.05:34:26     819154  END

Since this push was from 127.0.0.1, I will comment that the push was done from a replica outside of the gitolite home directory.

I do see the new key file in ~/.gitolite/keydir/Todds-2019-imac.unclet.net-2024-01/taft.pub

This is near the top of ~/.gitolite/conf/gitolite.conf, so I would expect a key file with that name to be used:
@admins     =   taft om admin

repo @all
    RW+     =   @admins

I've never really "played" in the ~/.gitolite directory, so I don't think I could have broken anything there, but I ran the commands on your emergency page, just in case something got screwed up there.

2024-01-10.05:41:54     823136  cli     gitolite        compile
2024-01-10.05:41:54     823136  END
2024-01-10.05:42:01     823145  cli     gitolite        setup   --hooks-only
2024-01-10.05:42:01     823145  END
2024-01-10.05:42:09     823171  cli     gitolite        trigger POST_COMPILE
2024-01-10.05:42:09     823171  END
2024-01-10.06:22:35 841110 ssh ARGV=admin SOC=git-receive-pack 'gitolite-admin' FROM=127.0.0.1
2024-01-10.06:22:35 841110 pre_git gitolite-admin admin W any refs/.*
2024-01-10.06:22:35 841110 END

That didn't seem to fix the issue.  What am I missing?

Sitaram Chamarty

Jan 11, 2024, 3:33:52 AM
to Todd Taft, gitolite
On Wed, Jan 10, 2024 at 03:32:09AM -0800, Todd Taft wrote:
> That's not what I'm seeing in the logs:
>
> This is what I see when I do a push to gitolite-admin:
>
> 2024-01-10.05:34:24 819154 ssh ARGV=admin
> SOC=git-receive-pack 'gitolite-admin' FROM=127.0.0.1
> 2024-01-10.05:34:25 819154 pre_git gitolite-admin admin W any
> refs/.*
> 2024-01-10.05:34:25 819154 update gitolite-admin admin W
> refs/heads/master be4ae25d441882977455885edcc3b6bc7fc66ed7
> 42fefad27159abbb4f64c4124e12d96dab2249ec refs/.*
> 2024-01-10.05:34:26 819154 END

Offhand, looks like the post-update hook is not triggering.

However, this:

> 2024-01-10.05:42:01 823145 cli gitolite setup --hooks-only

should have fixed it, so I have no idea what happened.

Did this particular site work before and suddenly stopped
working or is this a new install?

What happens if you try to add a new repo?

Todd Taft

Jan 15, 2024, 4:47:46 AM
to gitolite
Adding a new repo seems to work, so the issue seems like it may be limited to keys.

Right now, the system in question is running the version packaged by the OS - Ubuntu 20.04 with version 3.6.11-2 listed.  dpkg --verify doesn't show any problems, and I ran aptitude reinstall just to be sure, but that didn't seem to change the behavior.  I see that there have been some minor updates that are newer, but I don't see much in the update release notes that seems relevant to this issue.

Any other suggestions?

Sitaram Chamarty

Jan 16, 2024, 4:50:52 AM
to Todd Taft, gitolite
On Mon, Jan 15, 2024 at 01:47:46AM -0800, Todd Taft wrote:
> Adding a new repo seems to work, so the issue seems like it may be limited
> to keys.

1. Please run `gitolite trigger POST_COMPILE` and see if the
logs are showing something like this:

2024-01-16.15:16:20 21585 cli gitolite trigger POST_COMPILE
2024-01-16.15:16:20 21585 system,/home/g3/gitolite/src/triggers/post-compile/ssh-authkeys,POST_COMPILE
...some more lines that we don't care about for now...
2024-01-16.15:16:21 21585 END

2. Failing that, run `gitolite query-rc POST_COMPILE` and see
if it includes "post-compile/ssh-authkeys"

3. If it does not, send me your ~/.gitolite.rc.

If we come to that point it may be a good idea to not cc the
mailing list -- we can always update the list with the solution
once we have it.

sitaram
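
The log check discussed in this thread (did an admin push or a `gitolite trigger POST_COMPILE` run actually reach the ssh-authkeys trigger?), as an added example that is not part of the original messages or of gitolite itself. It assumes whitespace-separated log fields in the order shown in the thread; `check_authkeys` and `sample_log` are hypothetical names, and the sample lines are constructed from those quoted above.

```shell
#!/bin/sh
# Added example, not gitolite code. Assumed log layout (as quoted in the
# thread): <timestamp> <pid> <type> <details...>, one transaction per PID.

# check_authkeys [LOGFILE]   (reads stdin when no file is given)
# Prints one line per transaction that should have rebuilt authorized_keys:
#   OK <pid> <kind>        the ssh-authkeys trigger was logged
#   MISSING <pid> <kind>   the transaction ended without it
# Returns 1 if any transaction is MISSING, 0 otherwise.
check_authkeys() {
    awk '
        # a push that updated the admin repo
        $3 == "update" && $4 == "gitolite-admin" { want[$2] = "admin-push" }
        # a manual run of the POST_COMPILE triggers
        $3 == "cli" && $4 == "gitolite" && $5 == "trigger" && $6 == "POST_COMPILE" {
            want[$2] = "cli-trigger"
        }
        # the trigger that regenerates ~/.ssh/authorized_keys
        index($0, "post-compile/ssh-authkeys") { seen[$2] = 1 }
        # end of a transaction: report it if it was one we care about
        $3 == "END" && ($2 in want) {
            if ($2 in seen) print "OK", $2, want[$2]
            else { print "MISSING", $2, want[$2]; bad = 1 }
            delete want[$2]; delete seen[$2]
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: two failing transactions and one healthy one,
# assembled from log lines quoted in the thread.
sample_log() {
    cat <<'EOF'
2024-01-10.05:34:24 819154 ssh ARGV=admin SOC=git-receive-pack 'gitolite-admin' FROM=127.0.0.1
2024-01-10.05:34:25 819154 pre_git gitolite-admin admin W any refs/.*
2024-01-10.05:34:25 819154 update gitolite-admin admin W refs/heads/master be4ae25d441882977455885edcc3b6bc7fc66ed7 42fefad27159abbb4f64c4124e12d96dab2249ec refs/.*
2024-01-10.05:34:26 819154 END
2024-01-10.05:42:09 823171 cli gitolite trigger POST_COMPILE
2024-01-10.05:42:09 823171 END
2024-01-16.15:16:20 21585 cli gitolite trigger POST_COMPILE
2024-01-16.15:16:20 21585 system,/home/g3/gitolite/src/triggers/post-compile/ssh-authkeys,POST_COMPILE
2024-01-16.15:16:21 21585 END
EOF
}
```

Run `sample_log | check_authkeys` to see the three verdicts, or pass the server's gitolite log file as the argument. A MISSING line means a key dropped into keydir will not appear in ~/.ssh/authorized_keys, and the next thing to look at is the output of `gitolite query-rc POST_COMPILE`.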
