Git@localhost's password

Hello,

Context
I have a production Gitlab server running self-hosted version 16. It’s installed on Ubuntu Server 20.04. We are planning to move Gitlab to a Docker container, so I’m doing some tests on my local computer. I installed the same version of Gitlab running in a container, and I could successfully restore my backup. I have access to my local web UI and projects; everything looks good.

Issue

When I need to clone a project we always use ssh, so I copy the “link” suggested on the project information page and add the git clone command:

git clone git@localhost:root/myproject001.git

In the terminal, it is asking me for git@localhost’s password. I am not sure how to solve this issue. It is running in the container, so where should the “git” user exist? On my computer? On the host machine? Or should the git user be created and a password set inside the container?

If you want to clone over SSH you need to upload an SSH key to your user account in Gitlab. The git user does not have a password and you won’t use this anyway, because it’s not linked to your account in Gitlab.

See the docs: Use SSH keys to communicate with GitLab | GitLab

Hello @iwalker , thanks for your answer.

Yes, I uploaded my SSH key to my Gitlab account before trying to clone my project. As I mentioned, this Gitlab Docker instance is a restore from a full backup file that I made from my production Gitlab server, and users and SSH keys were restored in the Docker Gitlab.

This is the message that is showing:

$ git clone git@localhost:root/myproject.git
Clonando en ‘myproject’…
git@localhost’s password:
Permission denied, please try again.
git@localhost’s password:
Permission denied, please try again.
git@localhost’s password:

Hey… I will appreciate any help. I’m stuck with this.

  • Gitlab is running in a Docker container
  • When I try to clone a project it asks me for the “git” user password (the git user exists by default and it’s not a Gitlab account)
  • I have access to the web UI, and I can create Gitlab users. My Gitlab account has an SSH key set (public key).

Please, with any suggestion be specific about where I have to look, because as it is a Docker container I have file system files on the host machine and files inside the container; for example, the /etc/ssh/sshd_config file exists both inside the container and on my host machine.

Thank you guys.

Hello @dnsmichi , I have read another issue where you were helping. I would like your advice or comments to help me find a solution for this issue. I will appreciate any help.

I ran this command in my client terminal, from where I am trying to connect and clone a repo.

$ ssh -vvvvv git@10.0.0.136
OpenSSH_9.0p1, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 10.0.0.136 originally 10.0.0.136
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 10.0.0.136 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 10.0.0.136 originally 10.0.0.136
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/brivas/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/brivas/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 10.0.0.136 [10.0.0.136] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/brivas/.ssh/id_rsa type 0
debug1: identity file /home/brivas/.ssh/id_rsa-cert type -1
debug1: identity file /home/brivas/.ssh/id_ecdsa type -1
debug1: identity file /home/brivas/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/brivas/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/brivas/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/brivas/.ssh/id_ed25519 type -1
debug1: identity file /home/brivas/.ssh/id_ed25519-cert type -1
debug1: identity file /home/brivas/.ssh/id_ed25519_sk type -1
debug1: identity file /home/brivas/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/brivas/.ssh/id_xmss type -1
debug1: identity file /home/brivas/.ssh/id_xmss-cert type -1
debug1: identity file /home/brivas/.ssh/id_dsa type -1
debug1: identity file /home/brivas/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: compat_banner: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.0.136:22 as 'git'
debug3: record_hostkey: found key type ED25519 in file /home/brivas/.ssh/known_hosts:16
debug3: load_hostkeys_file: loaded 1 keys from 10.0.0.136
debug1: load_hostkeys: fopen /home/brivas/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:sLlCirYIWZehKvlPV3/1/BQ0e0vmpAYYLSejG9tca34
debug3: record_hostkey: found key type ED25519 in file /home/brivas/.ssh/known_hosts:16
debug3: load_hostkeys_file: loaded 1 keys from 10.0.0.136
debug1: load_hostkeys: fopen /home/brivas/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.0.0.136' is known and matches the ED25519 host key.
debug1: Found key in /home/brivas/.ssh/known_hosts:16
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/brivas/.ssh/id_rsa RSA SHA256:6IAMhUc6dPawxibG/PrUWB7Ht+1rUWbqIJVR96DHQWQ agent
debug1: Will attempt key: /home/brivas/.ssh/id_ecdsa 
debug1: Will attempt key: /home/brivas/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/brivas/.ssh/id_ed25519 
debug1: Will attempt key: /home/brivas/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/brivas/.ssh/id_xmss 
debug1: Will attempt key: /home/brivas/.ssh/id_dsa 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
**debug1: No credentials were supplied, or the credentials were unavailable or inaccessible**
**No Kerberos credentials available (default cache: KCM:)**


**debug1: No credentials were supplied, or the credentials were unavailable or inaccessible**
**No Kerberos credentials available (default cache: KCM:)**


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/brivas/.ssh/id_rsa RSA SHA256:6IAMhUc6dPawxibG/PrUWB7Ht+1rUWbqIJVR96DHQWQ agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/brivas/.ssh/id_ecdsa
debug3: no such identity: /home/brivas/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/brivas/.ssh/id_ecdsa_sk
debug3: no such identity: /home/brivas/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/brivas/.ssh/id_ed25519
debug3: no such identity: /home/brivas/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/brivas/.ssh/id_ed25519_sk
debug3: no such identity: /home/brivas/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/brivas/.ssh/id_xmss
debug3: no such identity: /home/brivas/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/brivas/.ssh/id_dsa
debug3: no such identity: /home/brivas/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git@10.0.0.136's password: 


The SSH key you uploaded has to be one of the SSH keys that have been generated under /home/brivas/.ssh

We can see from the logs above it is trying to find SSH keys but it isn’t finding any. Which means you don’t have any SSH keys generated on that system, and you haven’t uploaded that generated key to Gitlab.

This is why it still asks you for a password. Until you generate SSH keys on the system you are attempting to connect from, and until you upload the public part of that SSH key to Gitlab it won’t work.

Here is an example on my system:

 ian  ~  ls /home/ian/.ssh -lh
total 252K
-rw------- 1 ian ian  783 Mar 26  2018 authorized_keys
-rw------- 1 ian ian 3.8K Oct 11 11:26 config
-rw------- 1 ian ian  399 Mar 12  2021 id_ed25519
-rw------- 1 ian ian   91 Mar 12  2021 id_ed25519.pub
-rw------- 1 ian ian  549 Dec 11  2020 id_ed25519_sk
-rw------- 1 ian ian  138 Dec 11  2020 id_ed25519_sk.pub
-rw------- 1 ian ian 3.3K Dec 21  2022 id_rsa
-rw-r--r-- 1 ian ian  735 Dec 21  2022 id_rsa.pub

as you can see in the above directory/file listing, I have ssh keys generated, and one of the .pub files is uploaded to my Gitlab server. Then when I do this:

ian  ~  ssh -T git@gitlab
Welcome to GitLab, @iwalker!

as you can see, when it is generated properly, and when it’s uploaded it just works.

To generate an ssh key:

ssh-keygen

Thank you @iwalker, keys were ok. That was not the problem. I am sharing more information and my solution.

Remember that my scenario is Gitlab running in a Docker container. The problem was that the docker-compose.yml file was set to expose the ssh service on port 2022 for the Gitlab server, so the git command in my local terminal (I think by default) points to port 22; obviously I never got a connection from the Gitlab container. The ssh service that responded to the request was a local service (on the host).

MY SOLUTION:

I created ~/.ssh/config file defining:

# My local (host) IP address
Host 10.0.0.136
    User git
    Port 2022

as it’s exposed by the container, so now when I run the command: git clone git@10.0.0.136:root/my_project.git it will read information about the ssh connection for this host: user and port.

I hope this helps others to solve this kind of problem.

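A way to read `ssh -v` output in light of the solution above, as an added example that is not part of the original thread: the function reports which port the client reached, whether a key was offered, and whether that sshd accepted it. The function name, its output format and the expected-port argument are assumptions of this example; the sample lines are copied from the debug output posted earlier in the thread.

```shell
#!/bin/sh
# Added example: summarise `ssh -v` debug output read on stdin.
# $1 = port the GitLab container's sshd is published on (2022 in this thread).
# Typical use:  ssh -v -T git@10.0.0.136 2>&1 | ssh_auth_summary 2022
ssh_auth_summary() {
    awk -v want="$1" '
        /^debug1: Connecting to / {
            port = $NF; sub(/\.$/, "", port)      # "port 22." -> "22"
        }
        /^debug1: Offering public key: /                { offered = $5 }
        /^debug1: Server accepts key: /                 { accepted = 1 }
        /^debug1: Next authentication method: password/ { fallback = 1 }
        END {
            print "port=" port
            print "offered=" (offered == "" ? "none" : offered)
            print "accepted=" (accepted ? "yes" : "no")
            print "fallback=" (fallback ? "password" : "none")
            # Check the port first: a key rejected by the wrong sshd says
            # nothing about the keys stored in GitLab.
            if (port != want)       print "verdict=wrong-port"
            else if (accepted)      print "verdict=ok"
            else if (offered == "") print "verdict=no-key-offered"
            else                    print "verdict=key-rejected"
        }'
}

# Sample input: lines taken from the ssh -vvvvv output posted in this thread.
sample_log() {
    cat <<'EOF'
debug1: Connecting to 10.0.0.136 [10.0.0.136] port 22.
debug1: Connection established.
debug1: Authenticating to 10.0.0.136:22 as 'git'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/brivas/.ssh/id_rsa RSA SHA256:6IAMhUc6dPawxibG/PrUWB7Ht+1rUWbqIJVR96DHQWQ agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
EOF
}

sample_log | ssh_auth_summary 2022
```

A `wrong-port` verdict means the sshd that answered is not the one the container publishes, so its rejection of the key reflects that daemon's own `authorized_keys`, not the keys uploaded to GitLab.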