ssh - gitlab 通过 ssh 访问存储库的问题

Question

对不起，这将是一篇非常详细的帖子，如果只是为了为我澄清一切。一切似乎都配置正确并正在运行:

bundle exec rake gitlab:check RAILS_ENV=production

除了绿灯什么都不给。
添加 ssh key 似乎工作正常，我们可以使用 https://推送

当我们尝试与客户端连接时，我们得到:

$ git push -u origin master
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

探索这进一步产生:

$ GIT_TRACE=1 git push -u origin master
trace: built-in: git 'push' '-u' 'origin' 'master'
trace: run_command: 'ssh' '-p' '2222' 'gitlab@myserver.net' 'git-receive-pack '\''/root/test1.git'\'''
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

除了退出代码为 1 之外，使用调试信息运行它不会产生任何有趣的结果。

在我们尝试连接时查看服务器上的日志，我们得到了这个(它在 arch linux 上运行):

$ journalctl -f

Jan 21 21:42:59 michaelarch sshd[2633]: Accepted publickey for gitlab from 192.168.1.1 port 58207 ssh2: ECDSA XX:e3:XX:aa:XX:0a:XX:37:XX:ad:XX:4f:XX:ab:ab:XX
Jan 21 21:42:59 michaelarch sshd[2633]: pam_unix(sshd:session): session opened for user gitlab by (uid=0)
Jan 21 21:42:59 michaelarch systemd[1]: Starting user-1001.slice.
Jan 21 21:42:59 michaelarch systemd[1]: Created slice user-1001.slice.
Jan 21 21:42:59 michaelarch systemd[1]: Starting User Manager for 1001...
Jan 21 21:42:59 michaelarch systemd[1]: Starting Session 20 of user gitlab.
Jan 21 21:42:59 michaelarch systemd-logind[461]: New session 20 of user gitlab.
Jan 21 21:42:59 michaelarch systemd[1]: Started Session 20 of user gitlab.
Jan 21 21:42:59 michaelarch systemd[2635]: pam_unix(systemd-user:session): session opened for user gitlab by (uid=0)
Jan 21 21:42:59 michaelarch systemd[2635]: Failed to open private bus connection: Failed to connect to socket /run/user/1001/dbus/user_bus_socket: No such file or directory
Jan 21 21:42:59 michaelarch systemd[2635]: Mounted /sys/kernel/config.
Jan 21 21:42:59 michaelarch systemd[2635]: Mounted /sys/fs/fuse/connections.
Jan 21 21:42:59 michaelarch systemd[2635]: Stopped target Sound Card.
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Reached target Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Startup finished in 23ms.
Jan 21 21:42:59 michaelarch systemd[1]: Started User Manager for 1001.
Jan 21 21:42:59 michaelarch sshd[2636]: Received disconnect from 192.168.1.1: 11: disconnected by user
Jan 21 21:42:59 michaelarch sshd[2633]: pam_unix(sshd:session): session closed for user gitlab
Jan 21 21:42:59 michaelarch systemd-logind[461]: Removed session 20.
Jan 21 21:42:59 michaelarch systemd[1]: Stopping User Manager for 1001...
Jan 21 21:42:59 michaelarch systemd[2635]: Stopping Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Stopped target Default.
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Shutdown.
Jan 21 21:42:59 michaelarch systemd[2635]: Reached target Shutdown.
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Exit the Session...
Jan 21 21:42:59 michaelarch systemd[1]: Stopped User Manager for 1001.
Jan 21 21:42:59 michaelarch systemd[1]: Stopping user-1001.slice.
Jan 21 21:42:59 michaelarch systemd[1]: Removed slice user-1001.slice.

现在我的假设是失败的 dbus 在线:

Jan 21 21:42:59 michaelarch systemd[2635]: Failed to open private bus connection: Failed to connect to socket /run/user/1001/dbus/user_bus_socket: No such file or directory

可能是导致问题的原因，但我无法弄清楚，而且我几乎达到了我的知识极限。

当然有很多配置文件，但我想我已经研究了所有这些，非常欢迎任何想法或测试。

身份验证似乎在运行时成功:

ssh -vvT gitlab@myserver.net

给出:

......
debug1: Server accepts key: pkalg ecdsa-sha2-nistp521 blen 172
debug2: input_userauth_pk_ok: fp XX:e3:XX:aa:af:0a:ca:37:08:ad:XX:4f:XX:ab:ab:XX
debug1: read PEM private key done: type ECDSA
debug1: Authentication succeeded (publickey).
Authenticated to myserver.net ([11.123.5.462]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3780, received 2908 bytes, in 0.0 seconds
Bytes per second: sent 76566.5, received 58903.5
debug1: Exit status 1

编辑:针对评论添加了更多详细信息。

Answer 1

我目前遇到了完全相同的问题。经过一些试验，我发现以下内容: gitlab 用户应该无法登录，因此/etc/passwd 中的 shell 设置为/bin/false。对于 SSH 访问，在 ~gitlab/.ssh/authorized_keys 中定义了一个强制命令，该命令以 key 为参数执行 gitlab-shell，以使连接用户可以访问基本的 git 操作。

现在我发现当/etc/passwd 中的用户 shell 设置为/bin/false 时，强制命令机制根本不起作用，ssh 连接挂断。一种解决方法是只为用户提供一个默认登录 shell，以便执行强制命令。

但是，老实说，我不知道这是否应该是这样工作的，特别是，强制命令是否应该只在用户具有功能登录 shell 时才起作用(即比强制命令。我希望将 shell 设置为/bin/false，这样当authorized_keys 文件中的配置正确时，用户获取的是 gitlab-shell，如果不是，则用户什么都没有。现在，一个配置错误会给用户比我预期的更多的权限。)