Impossible to pull / push via ssh gitea

  • Gitea version (or commit ref): 1.6.0 built with: bindata, sqlite
  • Git version: 2.17.1
  • Operating system: DSM 6.2.1-238824

Installed Gitea on NAS Synology DS918+

When I want to clone a repository:

git clone gitea@git.my_domain.ru:vlad.bitrix/layout.git
Cloning into ‘layout’…
gitea@git.my_domain.ru’s password:
Permission denied, please try again.
gitea@git.my_domain.ru’s password:
gitea@git.my_domain.ru: Permission denied (publickey,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

If you use HTTPS:

git clone https://git.my_domain.ru:3000/vlad.bitrix/layout.git
Cloning into ‘layout’…
remote: Counting objects: 2127, done.
remote: Compressing objects: 100% (650/650), done.
remote: Total 2127 (delta 1433), reused 2127 (delta 1433)
Receiving objects: 100% (2127/2127), 5.00 MiB | 7.46 MiB/s, done.
Resolving deltas: 100% (1433/1433), done.
iMac-Vlad-2:test vladbaranov$

Everything works successfully!

if you enter: ssh -v git.my_domain.ru

OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to git.my_domain.ru port 22.
debug1: Connection established.
debug1: identity file /Users/vladbaranov/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/vladbaranov/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to git.my_domain.ru:22 as ‘vladbaranov’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:RocgmrS0uNfyudnDDcWDdJrgsNhKEkd5Ans9bW0rAXTn4
debug1: Host ‘git.my_domain.ru’ is known and matches the ECDSA host key.
debug1: Found key in /Users/vladbaranov/.ssh/known_hosts:21
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:sosF7LQODaGgdfjqwfDOpdCgaRGs4Ylva3WuygFc/Ioapk /Users/vladbaranov/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/vladbaranov/.ssh/id_dsa
debug1: Trying private key: /Users/vladbaranov/.ssh/id_ecdsa
debug1: Trying private key: /Users/vladbaranov/.ssh/id_ed25519
debug1: Next authentication method: password
vladbaranov@git.my_domain.ru’s password:

How I installed Gitea:

  1. Create a file SPK https://github.com/flipswitchingmonkey/gitea-spk (version gitea-1.6.0-linux-amd64)
  2. Installed on Synology http://joxi.ru/Grq7BL5UQMpOn2. Installation was successful.
  3. File app.ini:

APP_NAME = Gitea: Git with a cup of tea
RUN_USER = gitea
RUN_MODE = prod

[security]
INTERNAL_TOKEN = xxxxxxxxxxx
INSTALL_LOCK = true
SECRET_KEY = xxxxxxxxxxx

[database]
DB_TYPE = mysql
HOST = 127.0.0.1:3307
NAME = gitea
USER = gitea
PASSWD = my_pass
SSL_MODE = disable
PATH = data/gitea.db

[repository]
ROOT = /usr/local/gitea/gitea/gitea-repositories

[server]
SSH_DOMAIN = git.my_domain.ru
DOMAIN = git.my_domain.ru
HTTP_PORT = 3000
ROOT_URL = https://git.my_domain.ru:3000/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /usr/local/gitea/gitea/data/lfs
LFS_JWT_SECRET = xxxxxxxxx
OFFLINE_MODE = false
PROTOCOL = https
CERT_FILE = /usr/local/gitea/gitea/custom/https/cert.pem
KEY_FILE = /usr/local/gitea/gitea/custom/https/key.pem

[mailer]
ENABLED = true
HOST = mail.my_domain.ru:587
FROM = office@my_domain.ru
USER = my_login
PASSWD = my_pass

[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = true
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = my_domain.ru

[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = false

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[session]
PROVIDER = file

[log]
MODE = file
LEVEL = Info
ROOT_PATH = /usr/local/gitea/gitea/log

  1. Rights to /usr/local/gitea/gitea/.ssh (700) and /usr/local/gitea/gitea/.ssh/authorized_keys (600)
  2. Run - Update the ‘.ssh/authorized_keys’ file with Gitea SSH keys. (Not needed for the built-in SSH server.)
  3. Run - Resynchronize pre-receive, update and post-receive hooks of all repositories.
  4. SSH-key installed http://joxi.ru/J2bWX1jIXa3OeA

Help please understand, for 2 days I can not understand why it does not work on SSH and works on HTTPS.

maybe you should edit your .ssh/config to indicate which private key gitea to use?

Strange that if I enter the password of the user Gitea also does not work.
The /etc/ssh/sshd_config file:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

This is not a Gitea issue, per se, but something in your SSH configs. Please ensure your config file is pointing to the correct Gitea SSH port (e.g. if you’re forwarding to 222, for example) and make sure your auth’d keys as the proper group/permissions necessary to function.

Log in to the server via SSH using keys I can, everything works, I can not use only Gitea. I also think that the problem with access via SSH but I don’t know how to solve it.

In the app.ini file, the port is set to 22, the port in the server settings is set to 2239, but the router uses forwarding from port 22 to 2239, and, as I already wrote, I can log in to the server via SSH using the key.

Rights to the SSH folder http://joxi.ru/eAO967vsxzJMBm
Rights to the authorized_keys http://joxi.ru/1A5BJzVUn39gYr

In the /etc/passwd file, the Gitea user had sbin/nologin after installing Gitea, I tried changing to / bin / sh but this did not help http://joxi.ru/Q2K9qpvs41NVNr

1 Like