Why does “git push” prompt for “git account password” when using SSH keys from CentOS again

How to Use GitLab
1

Using SSH keys but still prompted for git account’s password

I have a GitLab CE instance running, v14.4.2, on an ALMALinux 8.4 (RHEL-variant) virtual machine.
I also have a CentOS 8.5 machine, where I write my code. that I installed the git software on and have created SSH keys on; this is installed with git-2.27.0-1.el8.x86_64.

  • When I execute a git clone command such as:
git clone git@a8-gitsrv.snelheid.lab:wfrench/dummy001.git

I am prompted for the password of the git account, not my wfrench account.

I also get this problem when I try to execute a git push as well.

I dealt with a problem precisely like this before and documented in my notes that I merely had to set the SELINUX context properly on /var/opt/gitlab/.ssh properly. I documented it here: https://forum.gitlab.com/t/why-does-git-push-prompt-for-git-password-when-using-ssh-keys-from-centos/38193

The steps I have tried to troubleshoot are:

  • Executed the ssh -T git@a8-gitsrv.snelheid.lab and
    I get the password prompt for the git account.
  • I confirmed that the firewalld service was off, and disabled. I am not worried about that layer of
    difficulty yet.

Thank you in advance for any advice and suggestions.

2

Just adding an update.

A change that I made, for the purpose of troubleshooting:
I set the SELINUX mode on the GitLab Server (a8-gitsrv.snelheid.lab) to permissive.
I rebooted the server and waited a few minutes for the machine to boot and be stable.

I went back to my dev machine and executed the git clone command:
git clone git@a8-gitsrv.snelheid.lab:wfrench/dummy001.git

That was successful.

What lead me to this action was reviewing the /var/log/messages file and finding the following output:

Nov 20 11:50:09 a8-gitsrv setroubleshoot[120515]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys.#012#012***** Plugin catchall_labels (83.8 confidence) suggests *******************#012#012If you want to allow sshd to have read access on the authorized_keys file#012Then you need to change the label on authorized_keys#012Do#012# semanage fcontext -a -t FILE_TYPE ‘authorized_keys’#012where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_tmp_t, abrt_etc_t, abrt_helper_exec_t, abrt_tmp_t

I would like to re-enable the firewalld service and also set SELINUX to enforcing.