
SSH using wrong account

Open druzziel opened this issue 1 year ago • 3 comments

AlmaLinux 8.6
Snapd 2.56.2-1 installed from epel
Semaphore v2.8.74

I configured Semaphore with key-based authentication. The username is “ansible”.

When snapd updates Semaphore to the most recent release, all SSH connections to download the most recent repos are using the “git” user. Reconfiguring the key store doesn’t change the behavior.

I need to continue to use the “ansible” user.

druzziel, Mar 21 '23 17:03

The same goes in the following scenario:

SSH key:
Username: notgit
Key: [my key]

Repository:
URL: ssh://[email protected]/example/ansible.git
SSH Key: the key from earlier

Result in the repo server logs:

Connection closed by invalid user git from <semaphore IP>

This actually prevents me from using Semaphore in a normal way; we currently have our code checked out manually in the semaphore user's homedir.

Thulium-Drake, Apr 12 '23 10:04

I also experience this problem. I use a private gitea server instance with their internal SSH server, which uses the user gitea. Debug logs of the SSH server reveal the incorrect username, resulting in the clone failing with the somewhat misleading error message:

Unable to clone repository: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

While SSH deploy keys would definitely be the much preferred option due to better access control, I now use HTTPS-based authentication as a workaround until this is fixed.

Jabbermuggel, Apr 16 '23 13:04

Hey,

It's far from perfect, but a workaround is changing the username that is statically set to 'git' in the getAuthMethod function in lib/GoGitClient.go (line 34), and recompiling. This workaround will only be useful if all your external SSH repositories accept the new username and don't use the 'git' username.

I haven't tested this against a Git server yet, but SSH-server logging shows that Semaphore will use the changed username.

If I have some time, I'll try my hand at making it use the optional username value that can be set when adding an SSH key to the key store.

EDIT: See PR #1221

Walkablenormal, Apr 24 '23 13:04
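
The username selection discussed in this thread, as an added sketch that is not Semaphore's code and not the code from PR #1221: the SSH login is taken from the key store entry when one is set, then from the repository URL, and only then falls back to `git`. The function names, the precedence order and the `git.example.test` host are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// defaultSSHUser is the conventional account on hosted Git services.
const defaultSSHUser = "git"

// userFromRepoURL (hypothetical helper) returns the user part of
// ssh://user@host/path or scp-like user@host:path, or "" if absent.
func userFromRepoURL(repo string) string {
	if strings.Contains(repo, "://") {
		u, err := url.Parse(repo)
		if err != nil || u.User == nil {
			return ""
		}
		return u.User.Username()
	}
	// scp-like syntax: a user, if present, ends at an '@' that comes
	// before the ':' separating host and path.
	at := strings.Index(repo, "@")
	colon := strings.Index(repo, ":")
	if at > 0 && (colon == -1 || at < colon) {
		return repo[:at]
	}
	return ""
}

// ResolveSSHUser (hypothetical) picks the login name for the SSH handshake.
// Assumed precedence: key store username, then URL user, then "git".
func ResolveSSHUser(keyLogin, repo string) string {
	if l := strings.TrimSpace(keyLogin); l != "" {
		return l
	}
	if u := userFromRepoURL(repo); u != "" {
		return u
	}
	return defaultSSHUser
}

func main() {
	// Constructed inputs modelled on the three reports in this thread.
	fmt.Println(ResolveSSHUser("ansible", "ssh://git.example.test/example/ansible.git"))
	fmt.Println(ResolveSSHUser("", "ssh://gitea@git.example.test:2222/example/ansible.git"))
	fmt.Println(ResolveSSHUser("", "git.example.test:example/ansible.git"))
}
```

A server that knows the key only under `ansible` or `gitea` rejects a login attempt as `git`, which is the "invalid user git" line and the handshake failure quoted above.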