ubuntu-2204 gerrit ssh 报错Permission denied (publickey).分析及解决

已于 2022-09-02 12:46:03 修改
阅读量8.5k 收藏 16
点赞数 6
分类专栏: # Linux_env 文章标签: ssh ubuntu git
于 2022-04-29 14:56:42 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/halazi100/article/details/124496131
版权

ubuntu-2204 gerrit ssh 报错Permission denied (publickey).分析及解决

使用repo init/sync下载代码时遇到报错: Permission denied (publickey).

分析排查步骤

通过以下步骤排查

以下user10.100.1.115为化名

$ ssh -p 29418 user@10.100.1.115

The authenticity of host '[10.100.1.115]:29418 ([10.100.1.115]:29418)' can't be established.
ED25519 key fingerprint is SHA256:YmW8pF9ZuvIBcT6qWr5Q72zTP7RBVoGcovSKth6uFWo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[10.100.1.115]:29418' (ED25519) to the list of known hosts.
user@10.100.1.115: Permission denied (publickey).

查看详细信息
$ ssh -vv -p 29418 user@10.100.1.115

OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.100.1.115 is address
debug1: Connecting to 10.100.1.115 [10.100.1.115] port 29418.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version GerritCodeReview_3.2.7 (APACHE-SSHD-2.4.0)
debug1: compat_banner: no match: GerritCodeReview_3.2.7 (APACHE-SSHD-2.4.0)
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.100.1.115:29418 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:YmW8pF9ZuvIBcT6qWr5Q72zTP7RBVoGcovSKth6uFWo
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[10.100.1.115]:29418' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:bansqueqJ/in2VZCOhLH8qQbALzUhWiHySt3gePFYds agent
debug1: Will attempt key: /home/user/.ssh/id_ecdsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/user/.ssh/id_ed25519 
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/user/.ssh/id_xmss 
debug1: Will attempt key: /home/user/.ssh/id_dsa 
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:bansqueqJ/in2VZCOhLH8qQbALzUhWiHySt3gePFYds agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Trying private key: /home/user/.ssh/id_ed25519_sk
debug1: Trying private key: /home/user/.ssh/id_xmss
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user@10.100.1.115: Permission denied (publickey).

通过以上详细信息可以看到以下几个关键点

  • OpenSSH版本为 OpenSSH_8.9p1
  • 失败的具体原因为
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:bansqueqJ/in2VZCOhLH8qQbALzUhWiHySt3gePFYds agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Trying private key: /home/user/.ssh/id_ed25519_sk
debug1: Trying private key: /home/user/.ssh/id_xmss
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user@10.100.1.115: Permission denied (publickey).
  • 验证publickey时,本地提供了私钥/home/user/.ssh/id_rsa,但是no mutual signature algorithm 无互签名算法,尝试ed25529等算法但是没有匹配的认证方式。
  • 解决办法是提供ecdsa,ed25519,dsa等算法的公钥和私钥对。

深层次原因及解决方法

OpenSSH 8.8 考虑到cryptographically broken,开始禁用了使用SHA-1哈希算法的RSA签名算法。
这是一个客户端限制。我们必须提供能被OpenSSH 8.8认可的密钥类型,比如 OpenSSH 推荐的Ed25519

配置方法如下:

  1. 生成ed25519密钥
    ssh-keygen -t ed25519 -C "your_email@example.com"
    将私钥添加到身份验证代理
    ssh-add

  2. ~/.ssh/id_ed25519.pub的文本添加到gerritgit用户配置的SSH keys

  • cat ~/.ssh/id_ed25519.pub
  • Click the setting button
  • Click the SSH Public Keys button
  • Click the Add key button
  • Add the info of the public key and save.
  1. 可以在~/.ssh/config配置文件中指定认证选项,明确指定认证文件(不是必须的)
    比如:
Host your.gerrit.host
IdentityFile ~/.ssh/id_ed25519
  1. 或者在$HOME/.ssh/config配置文件中指定客户端接受RSA密钥(不推荐)
PubkeyAcceptedKeyTypes +ssh-rsa


Host *
ServerAliveInterval 120

IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
PubkeyAcceptedKeyTypes +ssh-rsa
halazi100
关注
  • 6
    点赞
  • 16
    收藏
    觉得还不错? 一键收藏
  • 9
    评论
专栏目录
gerrit-stable-2.11.tar.gz
09-04
gerrit-stable-2.11.tar.gz gerrit-stable-2.11.tar.gz gerrit-stable-2.11.tar.gz gerrit-stable-2.11.tar.gz gerrit-stable-2.11.tar.gz gerrit-stable-2.11.tar.gz
ssh登录主机提示以下错误:Permission denied (publickey,gssapi-keyex,gssapi-with-mic)解决办法
longerxin2020的博客
11-14 3173
以下是一些可能的解决办法: 1. **开启密码认证**:登录到服务器,编辑 `/etc/ssh/sshd_config` 文件,找到 `PasswordAuthentication` 选项,将其设置为 `yes`,然后保存退出。在大多数 Linux 发行版中,你可以使用以下命令来重启 SSH 服务: ```bash service sshd restart ``` 或者 ```bash systemctl restart sshd ``` 之后,你应该就能够使用密码来进行 SSH 登录了。
gerrit ssh 运维命令遇到Permission denied (publickey) 情况
weixin_30470857的博客
03-14 7852
1. 首先登陆gerrit 注册(激活)自己的账号。 2. 生成SSH KEY。 runssh-keygen -t dsa -b 1024。 提示Enter file in which to save the key: 输入任意一文件名(例如id_dsa)。 提示Enter file in which to save the key, 连续输入两次回车。 ls /home 或者 /.ss...
SSH登录失败报错Permission denied (publickey)的解决方法
小桥流水 的专栏
03-14 2549
SSH登录失败报错Permission denied (publickey)的多种可能性,及解决方案。
SSH连接 Permission denied (publickey)
迈微AI研习社 · 号主
06-14 9504
在用Linux终端使用ssh root@server_ip来连接到远程服务器时,出现Permission denied (publickey).提示 分析问题原因,解决办法
gerrit-2.16.7.tar.gz
04-02
Gerrit is a code review and project management tool for Git based projects.附件是最新版本gerrit的源码,可以进行源码的直接安装。
Gerrit报错Permission denied (publickey)
专注Android系统
03-29 7563
使用Gerrit pull代码的时候,你会发现报错,错误信息大概是:Permission denied (publickey)。 是由于OpenSSH从8.8版本由于安全原因开始弃用了rsa加密的密钥,因为OpenSSH认为rsa破解成本已经低于5万美元,所以觉得成本太小了,有风险就给禁用了。 你可以通过命令:ssh -v [git服务器] 去查看Gerrit服务器的OpenSSH的版本号,如果≥8.8,就可以用这个方法。 解决办法:进入本机 .ssh目录,在下面新建一个config文件,不带
ssh Permission denied (publickey)
liyonghui123的专栏
03-13 905
  ssh链接机器是报错:   ssh -p 29418 [email protected] Permission denied (publickey).     ssh-keygen -t rsa -c "admin" -f ~/.ssh/root   原因是上面这个命令生成密钥的时候指定了密钥的文件root,而系统默认的密钥文件名为:id_rsa,所以系统会出现以上错误...
SSH解决Permission denied (publickey).
weixin_45338109的博客
05-12 5144
我受到了启发。
ssh登录出现Permission denied, please try again可能的解决方案
热门推荐
m0_56745306的博客
05-06 6万+
本文排查解决ssh登录时遇到的Permission denied,please try again问题,并发现是由之前使用的zsh遗留问题所导致。
SSH远程连接报错:Permissiondenied, please try again.的解决办法【备忘】
whj99154562的专栏
01-04 3万+
使用 SSH 登录Linux 服务器时,如果是 root 用户,即便正确输入密码,也会出现如下错误信息“Permission denied, please try again.”
gerrit-rest-java-client:用于Gerrit代码审查的Java REST客户端
01-30
gerrit-rest-java-client 介绍 REST API的Java实现。 仅支持Gerrit 2.6或更高版本(旧版本中缺少/不完整的REST API)。 例如,此实现用作。 支持许多不同的身份验证方法(HTTP基本,HTTP摘要,带形式的LDAP,来自Gerrit设置的HTTP密码,...)。 用法 该库实现 。 您只需要几行就可以使它工作: GerritRestApiFactory gerritRestApiFactory = new GerritRestApiFactory (); GerritAuthData . Basic authData = new GerritAuthData . Basic ( " http://localhost:8080 " ); // or: authData = new GerritAuthData.Basic("https://example.com/gerrit", "user", "password"); GerritApi gerritApi = gerritRestApiFactory . create(aut
gerrit-rest-java-client, Gerrit代码审查的Java REST客户端.zip
11-15
gerrit-rest-java-client, Gerrit代码审查的Java REST客户端 gerrit-rest-java-client 简介Gerrit代码审查工具 REST API的Java实现。仅支持 Gerrit 2.6或者更新版本的( 。旧版本中缺少/不完整的REST API ) 。
git学习--gerrit服务器搭建总结
02-25
gitweb:Gitweb提供了git版本库的图形化web浏览功能,能看代码库,提交日志等服务器操作系统:ubuntu14.04gerrit所用包:gerrit-2.10.war,此版本必须要用jdk7以上,本人用了jdk7.1.ubuntu服务器安装git2.ubuntu...
【QT】Ubuntu22.04 配置 QT6.5 LTS
Shen Mu Xin's Blog
04-24 1059
会进入这样的安装页面,然后登陆你的QT Group账号,这里会检测License,如果注册了Edu License就可以顺利通过,如果没有则需要申请10天的试用,)进行账号注册,个人或企业可以获得10天的免费使用,学生则可以获得免费的License,如果是学生的话可以进行学生邮箱验证(填写这样的表单然后提交,等QT发邮件过来(可能需要十几分钟),然后进入学生邮箱然后激活,之后就可以顺利下载。启动QT Creator,然后选择一个自己喜欢的demo,直接使用默认配置。然后打开下载的路径,为下载好的安装文件。
Ubuntu+Systemd服务+实现开机自启/关机启动脚本
最新发布
m0_69253695的博客
04-24 235
保存txt文档,然后把txt文档重命名为XXXX.service。然后需要把XXXX.service文件移动到下面的路径中。你可以执行下面的命令,检查服务的状态来确认它是否正常运行。如果想要启动sh脚本,就把下面的代码输入到txt文档中。如果想要启动py脚本,就把下面的代码输入到txt文档中。然后执行下面的命令,启用并启动服务。现在随便一个地方创建txt文档。下面是常用命令的意思,供参考。
在docker容器中编译 rk3588 ubuntu固件
CHNIM的博客
04-23 361
因为网络环境等原因,.repo/repo/repo sync -c --no-tags 命令更新代码可能会失败,可多次反复执行。SDK 源码存放于 gitlab,国内用户可能下载完整的 SDK 仓库速度比较慢,所以FireFly提供了一个 SDK 基础包。,国内用户只需要在此基础包上同步 gitlab 上的代码就可以了,本人使用的linux sdk基础包。我们所有的操作都在挂载的文件夹里边进行防止数据丢失。直接通过dockerfile构建方便快捷。下载完毕后得到6个压缩包文件。
3节点ubuntu24.04服务器docker-compose方式部署高可用elk+kafka日志系统并接入nginx日志
qq_41905051的博客
04-23 1222
3节点ubuntu24.04服务器docker-compose方式部署高可用elk+kafka日志系统并接入nginx日志
Ubuntu搭建RP2040开发环境-1
qq_40731414的博客
04-23 423
一、下载SDK和编译链 下载SDK 下载交叉编译链 配置 在最后追加 二、编译实例工程 新开一个终端,进入目录 编译blink编程 编译完成同级目录下生成:blink.uf2、blink.elf、blink.bin
xiqiang.zhou@gerrit.ecarxgroup.com: Permission denied (publickey). fatal: Could not read from remote repository.
11-21
这个错误通常是由于SSH密钥验证失败导致的。可能的原因是您没有正确设置SSH密钥或没有将公钥添加到您的Git帐户中。您可以按照以下步骤解决此问题: 1.检查您的SSH密钥是否正确设置。您可以使用以下命令检查: ```shell cat ~/.ssh/id_rsa.pub ``` 如果没有输出,请按照以下指南设置SSH密钥:https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/ 2.检查您的公钥是否已添加到您的Git帐户中。您可以按照以下指南检查: https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/ 3.如果您已经正确设置了SSH密钥并将公钥添加到您的Git帐户中,但仍然无法访问存储库,请检查您是否有权限访问该存储库。您可以联系存储库所有者以获取更多帮助。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 9
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值