git获取代码失败，没有权限

最新推荐文章于 2024-06-27 14:54:28 发布

PJZero

最新推荐文章于 2024-06-27 14:54:28 发布

阅读量2.9k

点赞数

文章标签： git golang github

本文链接：https://blog.csdn.net/pengjian444/article/details/123108906

版权

在这里插入图片描述
一个正常权限校验的流程包括

public key被正确的上传到git平台
本地的public key和private key能够正常映射
git在传输的时候能够用到这两个key，对数据进行加密
客户端使用的git账号是有权限的获取这个代码的

从上面的过程，当遇到Permission denied (keyboard-interactive,publickey).这个错误的时候，我们可以按照以下流程排查

检查git 平台的public key是否和本地的public key一致
public key和private key是否匹配，这里有一段go代码，可以测试。原理就是用public key加密的数据，用Private key解密
参考：https://earthly.dev/blog/encrypting-data-with-ssh-keys-and-golang/

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"golang.org/x/crypto/ssh"
)

func marshalRSAPrivate(priv *rsa.PrivateKey) string {
	return string(pem.EncodeToMemory(&pem.Block{
		Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv),
	}))
}

func generateKey() (string, string, error) {
	reader := rand.Reader
	bitSize := 2048

	key, err := rsa.GenerateKey(reader, bitSize)
	if err != nil {
		return "", "", err
	}

	pub, err := ssh.NewPublicKey(key.Public())
	if err != nil {
		return "", "", err
	}
	pubKeyStr := string(ssh.MarshalAuthorizedKey(pub))
	privKeyStr := marshalRSAPrivate(key)

	return pubKeyStr, privKeyStr, nil
}

func encrypt(msg, publicKey string) (string, error) {
	parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
	if err != nil {
		return "", err
	}
	// To get back to an *rsa.PublicKey, we need to first upgrade to the
	// ssh.CryptoPublicKey interface
	parsedCryptoKey := parsed.(ssh.CryptoPublicKey)

	// Then, we can call CryptoPublicKey() to get the actual crypto.PublicKey
	pubCrypto := parsedCryptoKey.CryptoPublicKey()

	// Finally, we can convert back to an *rsa.PublicKey
	pub := pubCrypto.(*rsa.PublicKey)

	encryptedBytes, err := rsa.EncryptOAEP(
		sha256.New(),
		rand.Reader,
		pub,
		[]byte(msg),
		nil)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(encryptedBytes), nil
}

func decrypt(data, priv string) (string, error) {
	data2, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return "", err
	}

	block, _ := pem.Decode([]byte(priv))
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return "", err
	}

	decrypted, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, data2, nil)
	if err != nil {
		return "", err
	}
	return string(decrypted), nil
}

func main() {
	//pubKey, privKey, _ := generateKey()
	//fmt.Println("my public key is...")
	//fmt.Println(pubKey)
	//fmt.Println("my private key is...")
	//fmt.Println(privKey)
	var pubKey, privKey string
	fmt.Print("Enter public key:")
	fmt.Scanf("%s", &pubKey)
	fmt.Print("Enter private key:")
	fmt.Scanf("%s", &privKey)

	var err error
	var cryptoed string
	cryptoed, err = encrypt("123", pubKey)
	if err != nil {
		panic(nil)
	}

	var decrypted string
	decrypted, err = decrypt(cryptoed, privKey)
	fmt.Printf("decrypt result:%s\n", decrypted)
}