charmbracelet
Unable to init my "admin" account
Describe the bug I just unable to use ssh-keypair for my installation.
To Reproduce Steps to reproduce the behavior:
- I'm using docker-compose on my NAS.
---
version: "3.1"
services:
soft-serve:
environment:
- SOFT_SERVE_INITIAL_ADMIN_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxYZEBNRLXmuign6ZgNbmaSK7cnQAgFpx8cCscoqseA local'
image: charmcli/soft-serve:v0.7.4
container_name: soft-serve
volumes:
- /path/to/data:/soft-serve
ports:
- 23231:23231
- 23232:23232
- 23233:23233
- 9418:9418
restart: unless-stopped
- Adding
SOFT_SERVE_INITIAL_ADMIN_KEYSas env as above, or I'm trying to use in config.yaml:
initial_admin_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxYZEBNRLXmuign6ZgNbmaSK7cnQAgFpx8cCscoqseA local"
- Then after container restart i'm trying to ssh my instance:
$ ssh 192.168.0.33 -p 23231 -i ~/.ssh/id_ed25519_local info
Error: user not found
- With regular ssh:
$ ssh 192.168.0.33 -p 23231 -i ~/.ssh/id_ed25519_local
Permission denied (publickey,keyboard-interactive).
Expected behavior
Ability to operate with my instance as admin user, not sure if documentation if out-dated, or I missing something important here.
Environment (please complete the following information):
- OS: Linux(Synology NAS)
- Version v0.7.4
Have you tried adding the admin pub key without quotation marks to config.yaml ?
That's what eventually worked for me.
Like so:
initial_admin_keys:
- ssh-ed25519 AAAAC....
initial_admin_keys: - ssh-ed25519 AAAAC....
Still the same,
$ ssh 192.168.0.33 -p 23231 -i ~/.ssh/id_ed25519_local info
Error: user not found
Can you please share your config.yml?
I left pretty much everything default:
# Soft Serve Server configurations
# The name of the server.
# This is the name that will be displayed in the UI.
name: "Soft Serve"
# Logging configuration.
log:
# Log format to use. Valid values are "json", "logfmt", and "text".
format: "text"
# Time format for the log "timestamp" field.
# Should be described in Golang's time format.
time_format: "2006-01-02 15:04:05"
# Path to the log file. Leave empty to write to stderr.
#path: ""
# The SSH server configuration.
ssh:
# The address on which the SSH server will listen.
listen_addr: ":23231"
# The public URL of the SSH server.
# This is the address that will be used to clone repositories.
public_url: "ssh://localhost:23231"
# The path to the SSH server's private key.
key_path: ssh/soft_serve_host_ed25519
# The path to the server's client private key. This key will be used to
# authenticate the server to make git requests to ssh remotes.
client_key_path: ssh/soft_serve_client_ed25519
# The maximum number of seconds a connection can take.
# A value of 0 means no timeout.
max_timeout: 0
# The number of seconds a connection can be idle before it is closed.
# A value of 0 means no timeout.
idle_timeout: 600
# The Git daemon configuration.
git:
# The address on which the Git daemon will listen.
listen_addr: ":9418"
# The public URL of the Git daemon server.
# This is the address that will be used to clone repositories.
public_url: "git://localhost"
# The maximum number of seconds a connection can take.
# A value of 0 means no timeout.
max_timeout: 0
# The number of seconds a connection can be idle before it is closed.
idle_timeout: 3
# The maximum number of concurrent connections.
max_connections: 32
# The HTTP server configuration.
http:
# The address on which the HTTP server will listen.
listen_addr: ":23232"
# The path to the TLS private key.
tls_key_path:
# The path to the TLS certificate.
tls_cert_path:
# The public URL of the HTTP server.
# This is the address that will be used to clone repositories.
# Make sure to use https:// if you are using TLS.
public_url: "http://localhost:23232"
# The stats server configuration.
stats:
# The address on which the stats server will listen.
listen_addr: "localhost:23233"
# The database configuration.
db:
# The database driver to use.
# Valid values are "sqlite" and "postgres".
driver: "sqlite"
# The database data source name.
# This is driver specific and can be a file path or connection string.
# Make sure foreign key support is enabled when using SQLite.
data_source: "soft-serve.db?_pragma=busy_timeout(5000)&_pragma=foreign_keys(1)"
# data_source: "postgres://postgres@localhost:5432/soft_serve?sslmode=disable"
# Git LFS configuration.
lfs:
# Enable Git LFS.
enabled: true
# Enable Git SSH transfer.
ssh_enabled: false
# Cron job configuration
jobs:
mirror_pull: "@every 10m"
# Additional admin keys.
initial_admin_keys:
- ssh-ed25519 AAAAC3N...
My ssh config, for testing the connection
❯ cat .ssh/config
Host soft
HostName localhost
Port 23231
IdentityFile ~/.ssh/id_ed25519
❯ ssh soft info
Username: admin
Admin: true
Public keys:
ssh-ed25519 AAAAC3N...
I didn't set the SOFT_SERVE_INITIAL_ADMIN_KEYS environment variable, perhaps try unsetting it.
Also, in my config.yaml I didn't set the comment after my public key ("local" in your config).
Hope this helps.
Could you try a new fresh install? Backup the data directory and run Soft Serve with your key in the SOFT_SERVE_INITIAL_ADMIN_KEYS environment variable
SOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519 AAAAC3N... soft serve
Thanks @srngh and @aymanbagabas. Maybe there is some issue related with fact, that I'm using remote machine. I will try to install it locally.
Just wanted to chip in and say that I was having the same issue, but it seems to be that I initially started the server without providing admin keys. A fresh install solved the issue.
Just wanted to chip in and say that I was having the same issue, but it seems to be that I initially started the server without providing admin keys. A fresh install solved the issue.
That was the issue for me as well. Fresh install with specifying admin keys before first start solved the problem.
Any idea why this is? What does the first run with the env variable do that manually setting initial_admin_keys doesn't?
For installs via package managers (in my case yum/dnf), does that mean adding the key to SOFT_SERVE_INITIAL_ADMIN_KEYS in /etc/soft-serve.conf prior to first starting the server via systemd? (If so, this doesn't work for me on Fedora 40.)
EDIT: to expand,
| Method | Expectation | Got admin? | Met expectation? |
|---|---|---|---|
Clean install of the Fedora/RH package via dnf, systemctl start soft-serve, no changes from defaults in /etc/soft-serve.conf or /var/lib/soft-serve/config.yaml |
no pubkeys set so no admin access | no | :white_check_mark: YES |
Clean install of the Fedora/RH package via dnf, adding my pubkey to initial_public_keys in /var/lib/soft-serve/config.yaml, then systemctl start soft-serve |
pubkey set, but it's unclear what initial_public_keys actually does |
no | :question: unclear |
Clean install of the Fedora/RH package via dnf, adding my pubkey to SOFT_SERVE_INITIAL_ADMIN_KEYS in /etc/soft-serve.conf |
pubkey set as environment variable before first launch, so assuming /etc/soft-serve.conf does what it says it does in its comments: admin access |
no | :x: NO |
Clean install of the Fedora/RH package via dnf, running SOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519... soft serve without manually changing either config file |
pubkey set as environment variable before first launch, so admin access | YES | :white_check_mark: YES |
Clean install of the Fedora/RH package via dnf, running SOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519... systemd start soft-serve without manually changing either config file |
passing env to the systemctl command is an impenetrable concept to me so either it works, doesn't, or explodes and kills me |
YES | :question: unclear |
Previously installed package; after starting the server with ...INITIAL_ADMIN_KEYS provided on its first launch, I then stop it, start it again, and then try connecting again with the same client and pubkey |
since it worked with admin access on the first launch, I expect admin access | no | :x: NO |
Previously installed package; after starting the server WITHOUT providing ...INITIAL_ADMIN_KEYS on its first launch, I then stop it, start it again as as SOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519... soft serve, and then try connecting again with the same client and pubkey |
since the pubkey wasn't provided on first launch, I don't expect admin access | YES | :x: NO |
Previously installed package; after starting the server WITHOUT providing ...INITIAL_ADMIN_KEYS on its first launch, I then launched it again as SOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519... systemctl start soft-serve, and then try connecting again with the same client and pubkey |
consumed by black hole | YES | :x: NO |
Workaround: adding export SOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519... to my shell config "works" in the sense that I can then get admin access when running either as soft serve or systemctl start soft-serve , but I don't know why and it sounds like by design this shouldn't be necessary.
Notably, when launching the server via systemd start soft-serve and via soft serve, ssh client connections report a different host key from the Soft Serve server. No idea why.
Removed the package, /var/lib/soft-serve, and the soft-serve user, removed the exported envvars, then installed Soft Serve with go install instead of the package manager. Everything now works as expected:
- Ran
soft servefor the first time withSOFT_SERVE_INITIAL_ADMIN_KEYS=ssh-ed25519... - Connected via ssh with that pubkey, got admin
- Quit
- Ran
soft servewithout the environment variable - Connected via ssh with the same pubkey, got admin
:shrug: Not sure what's going on with the packaged version.
I think I found the issue (or an issue), at least as far as running it as a systemd unit goes:
The default packaged /etc/soft-serve.conf lists:
SOFT_SERVE_INITIAL_ADMIN_KEY
instead of the expected:
SOFT_SERVE_INITIAL_ADMIN_KEYS
Most people just uncomment the existing line in /etc/soft-serve.conf and append their pubkey. I know I did.
After making the change and resetting everything soft-serve works as expected.
I can't seem to figure out what's causing me not to be able to login. After this issue is closed, I'll sure open a pull request with clarification on the ssh aspect, because it's not that i'm stupid, it's that I think it's unclear how things should be done to initialize your server...
