
Getting password prompt when pushing a new repo

Open lorensr opened this issue 13 years ago • 13 comments

I've spent a ridiculous amount of time trying to get this to work. This time through I wrote down every single step. My current problem recreation steps:

  • Project settings -> new git repo
  • Upload public key
  • Add myself as a developer on the project
  • Create a repo on my dev machine
  • Add gitosis@redmine:test.git as the remote origin
  • git push origin master

And I get prompted for a password. I have verified that I have the private key in my ~/.ssh directory and that Redmine has the correct public key listed under http://redmine/my/public_keys. When I enter text at the prompt or just hit enter, it prompts again until it quits. Each time creates an entry in /var/log/auth.log:

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.191.240  user=gitosis
Aug 17 13:13:15 ... sshd[2542]: Failed password for gitosis from 192.168.1.2 port 56278 ssh2

What else can I do to diagnose the problem? Thank you so much!

My installation steps (Ubuntu 11.04):


#!/bin/bash
# first argument: server name (redmine.example.com)

apt-get install git-core
mkdir /var/www
cd /var/www
git clone git://github.com/edavis10/redmine.git
cd redmine
git checkout -b 1.2-stable
apt-get install -y ruby ruby1.9.1-dev libgemplugin-ruby libgemplugin-ruby1.8 mysql-server apache2-mpm-prefork wget libruby-extras libruby1.8-extras rake apache2-prefork-dev libapache-dbi-perl libapache2-mod-perl2 libdigest-sha1-perl libmysqlclient15-dev build-essential libcurl4-openssl-dev cron librmagick-ruby1.8
echo "CREATE DATABASE redmine CHARACTER SET utf8;
CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'my_password';
GRANT ALL privileges ON redmine.* TO 'redmine'@'localhost';
" | mysql -u root -p
cd redmine
echo "production:
  adapter: mysql
  database: redmine
  host: localhost
  username: redmine
  password: my_password
  encoding: utf8
" > config/database.yml
tail -n 30 config/database.yml.example >> config/database.yml
apt-get install -y rubygems1.8
gem install rails -v=2.3.11
gem install rack -v=1.1.1
gem install mysql
gem install -v=0.4.2 i18n
chown -R www-data:www-data .
chmod -R 755 files log tmp
cp Rakefile tmpR
head -n 6 tmpR > Rakefile
echo "
require 'rake/dsl_definition'
" >> Rakefile
tail -n 4 tmpR >> Rakefile
rm tmpR
rake generate_session_store
RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data
apt-get install -y libapache2-mod-passenger
echo '
<VirtualHost *:80>
    ServerName $1

    DocumentRoot /var/www/redmine/public

    PassengerDefaultUser www-data
    RailsEnv production
    RailsBaseURI /redmine
    SetEnv X_DEBIAN_SITEID "default"
    <Directory /var/www/redmine/public>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
' > /etc/apache2/sites-available/redmine
echo "
Include /etc/apache2/mods-available/passenger.conf
" >> /etc/apache2/apache2.conf
ln -s /etc/apache2/sites-available/redmine /etc/apache2/sites-enabled/redmine
rm /etc/apache2/sites-enabled/000-default
gem install inifile
apt-get install -y libnet-ssh-ruby1.8 python-setuptools
gem install lockfile net-ssh
apt-get install -y gitosis git-daemon-run acl
/etc/init.d/apache2 restart

Activate acl for my partition, reboot, then:

#!/bin/bash
sudo -H -u gitosis ssh-keygen -t dsa
sudo -u gitosis cat /srv/gitosis/.ssh/id_dsa.pub | sudo -H -u gitosis gitosis-init
sudo sed -i.orig 's:/var/cache:/srv/gitosis:g' /etc/sv/git-daemon/run
setfacl -m user:www-data:r-x,mask:r-x /srv/gitosis/.ssh
setfacl -m user:www-data:r--,mask:r-- /srv/gitosis/.ssh/id_dsa
cd /var/www/redmine
script/plugin install git://github.com/xdissent/redmine_gitosis.git
sudo -u www-data X_DEBIAN_SITEID=default RAILS_ENV=production rake db:migrate:plugins
/etc/init.d/apache2 restart

lorensr avatar Aug 17 '11 17:08 lorensr

Is your SSH-Key not password-secured? Otherwise, there should be a prompt, of course. How did you create your own SSH-Key?

sebix avatar Aug 17 '11 19:08 sebix

Thank you for your time!

openssl genrsa -des3 -out redmine-private.pem 2048
openssl rsa -in redmine-private.pem -pubout > redmine.pub

It is password-secured, but the prompt is:

$ git push origin master
gitosis@redmine's password: 
Permission denied, please try again.

and the password I used when creating the key does not work.

lorensr avatar Aug 17 '11 19:08 lorensr

Um, why are you trying to connect using the gitosis user? Are you sure that your installation uses it instead of git?

I mean git origin: gitosis@redmine:test.git

y8 avatar Aug 18 '11 08:08 y8

I tried git@redmine:test.git and got the same results, but apt-get install gitosis sets up the user gitosis, which is why the sudo's in the last part of my bash record are as gitosis.

lorensr avatar Aug 18 '11 12:08 lorensr

I'm sure this is not a redmine-gitosis issue, but you should start by looking into /var/logs/secure (or what debian uses for authentication logging), and see what happens. Don't forget to start sshd with debug-level logging.

y8 avatar Aug 18 '11 13:08 y8

I stopped my sshd and started it with sudo /usr/sbin/sshd -ddd

Here is the output: https://gist.github.com/1154120

So it appears to be looking in /srv/gitosis/.ssh/authorized_keys. Should the redmine_gitosis plugin be placing the public keys uploaded by redmine users in that file?

lorensr avatar Aug 18 '11 14:08 lorensr

There's something wrong with your installation. Can you paste the contents of /srv/gitosis/.ssh/authorized_keys? There's something wrong with the key file:

debug2: key_type_from_name: unknown key type 'command="gitosis-serve'
debug3: key_read: missing keytype

y8 avatar Aug 18 '11 14:08 y8

### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve gitosis@redmine",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...[one long random string here]...= gitosis@redmine

lorensr avatar Aug 18 '11 14:08 lorensr
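An added example, not part of the thread or of gitosis: a checker for authorized_keys lines of the shape pasted above, which splits the quoted options field from the key type and confirms that the base64 blob's embedded type string matches the declared type. When a line starts with options, its first whitespace-delimited token is the one quoted in the sshd debug2 line earlier in the thread. The function names, the key-type subset and the sample lines are constructed for illustration.

```python
import base64
import binascii
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}  # subset

def split_options(line):
    """Split 'options rest' at the first whitespace outside double quotes."""
    in_quote = escaped = False
    for i, ch in enumerate(line):
        if ch == '"' and not escaped:
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
        escaped = ch == "\\" and not escaped  # a backslash escapes the next char
    return line, ""

def check_entry(line):
    """Return (status, detail) for one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return "skip", "blank or comment"
    if line.startswith("-----"):
        return "error", "PEM armor, not the one-line OpenSSH format"
    options = ""
    if line.split(None, 1)[0] not in KEY_TYPES:
        options, line = split_options(line)  # line begins with an options field
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return "error", "no recognised key type"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return "error", "key blob is not valid base64"
    n = int.from_bytes(blob[:4], "big")  # length of the embedded type string
    if blob[4:4 + n] != fields[0].encode():
        return "error", "blob type does not match declared key type"
    return "ok", options

def sample_blob(t):
    """Constructed blob: genuine type-string header, dummy key bytes."""
    return base64.b64encode(len(t).to_bytes(4, "big") + t.encode() + bytes(32)).decode()

GITOSIS_OPTS = ('command="gitosis-serve gitosis@redmine",no-port-forwarding,'
                'no-X11-forwarding,no-agent-forwarding,no-pty')
SAMPLE = ["### autogenerated by gitosis, DO NOT EDIT",  # constructed sample lines
          GITOSIS_OPTS + " ssh-dss " + sample_blob("ssh-dss") + " gitosis@redmine",
          "-----BEGIN PUBLIC KEY-----",
          "ssh-rsa " + sample_blob("ssh-dss") + " constructed-mismatch"]
for entry in SAMPLE:
    print(check_entry(entry)[0], "|", entry[:50])
```
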

You may try sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update

t2lt avatar Aug 18 '11 22:08 t2lt

Thanks - I tried sudo chmod 755 /srv/gitosis/repositories/gitosis-admin.git/hooks/post-update, but no change.

lorensr avatar Aug 19 '11 12:08 lorensr

Should I try reinstalling gitosis in a different manner from above? Or is there another issue page / mailing list I should try?

lorensr avatar Aug 22 '11 22:08 lorensr

Yes, I think you should try from scratch. First of all, before setting up redmine integration, make sure that gitosis itself works well.

y8 avatar Aug 23 '11 08:08 y8

On the server:

git clone git://eagain.net/gitosis
cd gitosis
python setup.py install
sudo adduser --system --shell /bin/sh --gecos 'git version control' --group --disabled-password --home /srv/git git
sudo -H -u git ssh-keygen -t dsa
sudo -u git cat /srv/git/.ssh/id_dsa.pub | sudo -H -u git gitosis-init
sudo scp /srv/git/.ssh/id_dsa me@client:~/.ssh/git_pri

On the client:

$ git clone git@redmine:gitosis-admin.git
Cloning into gitosis-admin...
git@redmine's password: 
Permission denied, please try again.

How does git know to use ~/.ssh/git_pri? Could that be the problem? When I use a key with ssh I do ssh -i ~/.ssh/key.pem user@host.

lorensr avatar Aug 23 '11 13:08 lorensr