Git clone over ssh

I just pulled gitlab/gitlab-ce:latest and issued the docker run command. Now, I am having the same problem as everybody else, apparently.

I have browsed through dozens of posts, old and new, most importantly, this one:

Which is as recent as 4 months ago.

Yet, I am in trouble.
Is there an actual resolution?
As far as I know, my keys are fine, the project exists, etc. etc. I even switched key type from rsa to ed25519, still…no cigar.

#This works
git clone http://myserver.net/group/firstone.git
# although it asks for user and password, 
# so, I provide MY username and password and it works

#But this does not:
git clone git@myserver.net:group/firstone.git

#I get the following reply
Cloning into 'firstone'...
git@myserver.net's password:

# if I add the following lines to my ~/.ssh/config:
Host myserver.net
    User git
    Hostname myserver.net
    Preferredauthentications publickey
    IdentityFile ~/.ssh/id_ed25519
    TCPKeepAlive yes

# then, the reply changes to:
Cloning into 'firstone'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Here is the command I used:

docker run --detach \
  --hostname myserver.net \
  --publish 443:443 --publish 80:80 --publish 2222:22 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab:Z \
  --volume $GITLAB_HOME/logs:/var/log/gitlab:Z \
  --volume $GITLAB_HOME/data:/var/opt/gitlab:Z \
  --shm-size 256m \
  gitlab/gitlab-ce:latest

Thanks.

I have very little experience with docker, so I’m guessing a little as to what the last command actually does (I assume it’s a copy-paste error, that the post says ocker).

There’s a .net missing after myserver in the command you say doesn’t work. If that is not also just a copy-paste error, it will stop ssh from finding/using that section of your .ssh/config.

The password prompt from git suggests that you reach the docker container though, and if I’m right about what that final command does that’s what you want to. So my guess is that you haven’t uploaded your public key to that GitLab instance. What does ssh -vT git@myserver.net give you?

Hi, grove:

Sorry, they are all typos, in an attempt to remove identifiable information; also, the ocker command would not have worked ;-), so, yeah, another copy paste error. The docker command is right out of the installation instructions…

Here is what I get from the ssh -vT; thanks for asking, anything else you may wonder, please ask.

ssh -vT git@myserver.net
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/myuserid/.ssh/config
debug1: /home/myuserid/.ssh/config line 23: Applying options for myserver.net
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 59: Applying options for *
debug1: Connecting to myserver.net [xxx.xx.xxx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/myuserid/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuserid/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myserver.net:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: diffie-hellman-group14-sha1 need=32 dh_need=32
debug1: kex: diffie-hellman-group14-sha1 need=32 dh_need=32
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Xbb6xLycngZSHaNQagcVD0s9Xdjf1pjjbeS+d1vGuEI
debug1: Host 'myserver.net' is known and matches the ECDSA host key.
debug1: Found key in /home/myuserid/.ssh/known_hosts:105
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering ED25519 public key: /home/myuserid/.ssh/id_ed25519
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /home/myuserid/.ssh/id_rsa_2048
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: myuserid@somebox
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: myuserid@otherbox
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

As that output suggests you’re talking to something that speaks SSH, I’ll return to the guess I gave before:

you haven’t uploaded your public key to that GitLab instance

Hi, guys, a solution has been found :grinning:

The docker run command from the installation instructions includes the following line

--publish 443:443 --publish 80:80 --publish 22:22 \

which keeps the docker command from executing because port 22 is always used by ssh in just about any box.

So, I changed that line to say

--publish 443:443 --publish 80:80 --publish 2222:22 \

and now the docker command runs successfully; but, as mentioned, keeps me and the git command from being able to use ssh protocol.

Well, there is a solution: the Host entry for the GitLab server in the ~/.ssh/config file needs a Port parameter, like this:

Host myserver.net
    User git
    Hostname myserver.net
    Port 2222
    Preferredauthentications publickey
    IdentityFile ~/.ssh/id_ed25519
    TCPKeepAlive yes
    AddKeysToAgent yes

and…voilà, it works. I can now do:

git clone git@myserver.net:path/to/repo.git
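
The mismatch this thread ends on (the container's sshd published on host port 2222 while the client dialed port 22) can be checked mechanically. The script below is an added example, not part of the original posts: the function names are hypothetical and the sample inputs are constructed from the values quoted above.

```shell
#!/usr/bin/env bash
# Added example: does the ssh client dial the host port that Docker
# publishes for the container's sshd (container port 22)?

# Constructed sample inputs, modelled on the values quoted in the thread.
SAMPLE_PUBLISH='--publish 443:443 --publish 80:80 --publish 2222:22'
SAMPLE_DEBUG='debug1: Connecting to myserver.net [xxx.xx.xxx.xx] port 22.
debug1: Connection established.'

# Host port mapped to container port 22 in a `docker run` argument string.
# Accepts "H:22", "IP:H:22" and an optional "/tcp" suffix.
published_ssh_port() {
  printf '%s\n' "$1" | tr ' =' '\n\n' |
    awk -F: '/^([0-9.]+:)?[0-9]+:22(\/tcp)?$/ { print $(NF-1); exit }'
}

# Port the client connected to, taken from `ssh -vT git@host 2>&1` output.
dialed_port() {
  printf '%s\n' "$1" |
    sed -n 's/^debug1: Connecting to .* port \([0-9][0-9]*\)\.$/\1/p' |
    head -n 1
}

# Compare the two; a mismatch means the login attempt went to a different
# sshd (here, the Docker host's own) that has never seen the GitLab keys.
diagnose() {
  dg_want=$(published_ssh_port "$1")
  dg_got=$(dialed_port "$2")
  if [ -z "$dg_want" ] || [ -z "$dg_got" ]; then
    echo "unknown: could not read both ports"; return 2
  elif [ "$dg_want" = "$dg_got" ]; then
    echo "ok: client dials published port $dg_got"
  else
    echo "mismatch: client dialed $dg_got, container sshd is on $dg_want"
    return 1
  fi
}

# Clone URL that carries the port itself, so no ~/.ssh/config entry is needed.
explicit_clone_url() {  # args: host port path
  printf 'ssh://git@%s:%s/%s\n' "$1" "$2" "$3"
}

diagnose "$SAMPLE_PUBLISH" "$SAMPLE_DEBUG" || true
explicit_clone_url myserver.net "$(published_ssh_port "$SAMPLE_PUBLISH")" group/firstone.git
```

The `ssh://` form printed at the end is standard git URL syntax and works without the `Port` line in `~/.ssh/config`.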