gitlab-cargo-shim icon indicating copy to clipboard operation
gitlab-cargo-shim copied to clipboard

Published 20 hours ago • verified publisher icon w4

failed to start SSH session: Unable to exchange encryption keys; class=Ssh (23)

Open numiralofe opened this issue 2 years ago • 5 comments

Hi All,

Any pointers would be highly appreciated, i can't understand what i am failing on :disappointed:

when i run cargo build

Caused by:
  failed to fetch `ssh://[email protected]/<gitlab_project_path>`

Caused by:
  network failure seems to have happened
  if a proxy or similar is necessary `net.git-fetch-with-cli` may help here
  https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli

Caused by:
  failed to start SSH session: Unable to exchange encryption keys; class=Ssh (23)

Info:

  • That user has a valid ssh key that its used with gitlab
  • I am running gitlab-cargo-shim on 192.168.128.35 with the following config:
listen-address = "[::]:22"
state-directory = "/var/lib/gitlab-cargo-shim"

[gitlab]
uri = "https://my_gitlab_url"
admin-token = "<gitlab token>"

I have the following on ~/.cargo/config.toml:

[registries]
gitlab = { index = "ssh://[email protected]/<path_to_gitlabproject>" }

Added the following env var to the container, but not getting any extra log information :thinking:

 RUST_LOG="debug"

numiralofe avatar Dec 15 '22 21:12 numiralofe

Hey @numiralofe

The error message is indeed correct here, the net.git-fetch-with-cli config value or CARGO_NET_GIT_FETCH_WITH_CLI environment variable is required to run gitlab-cargo-shim unfortunately.

Let me know how you get on.

Thanks

w4 avatar Dec 16 '22 00:12 w4

hey @w4

much appreciated :smiley: just so that any future "like me" comes along this, adding the following block to my ~/.cargo/config.toml fixed the previous issue.

[net]
git-fetch-with-cli = true   # use the `git` executable for git operations

got stucked now on the next one :disappointed:

cargo build -v
    Updating `gitlab` index
     Running `git fetch --force --update-head-ok 'ssh://[email protected]/cbrain/platform/types' '+HEAD:refs/remotes/origin/HEAD'`
error: failed to get `types` as a dependency of package `my_project v0.1.0 (/home/nuno/rust/my_project)`

Caused by:
  failed to load source for dependency `types`

Caused by:
  Unable to update registry `gitlab`

Caused by:
  failed to fetch `ssh://[email protected]/cbrain/platform/types`

Caused by:
  process didn't exit successfully: `git fetch --force --update-head-ok 'ssh://[email protected]/cbrain/platform/types' '+HEAD:refs/remotes/origin/HEAD'` (exit status: 128)
  --- stderr
  [email protected]: Permission denied (publickey).
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

i can run the above git fetch command without any problems if i point directly to my gitlab instance instead of the cargo-shim container.

$ cargo build -v
    Updating `gitlab` index
     Running `git fetch --force --update-head-ok 'ssh://git@gitlab/cbrain/platform/types' '+HEAD:refs/remotes/origin/HEAD'`
error: no matching package named `types` found
location searched: registry `gitlab`
required by package `my_project v0.1.0 (/home/nuno/rust/my_project)`

my doubt is:

as i understand, on the ~/.cargo/config.toml , registries block should point into the cargo-shim container url / port (like the snip bellow) ?

[registries]
gitlab = { index = "ssh://[email protected]/cbrain/platform/types" }

if correct ( that it should point to the cargo-shim container ) , why the auth error :thinking: cause with my current credentials i can authenticate fine if point at the gitlab instance it just fails if pointing at the cargo-shim container...

On the other hand, if registries should point directly to gitlab then i am not understanding how cargo-shim will be used as the interface between cargo build and gitlab :thinking:

I will be again super appreciated with any pointer. Thanks

numiralofe avatar Dec 16 '22 20:12 numiralofe

Hey @numiralofe

There's some discussion about this in #28, the steps in the README to use this in CI are currently incorrect

Thanks

w4 avatar Dec 16 '22 21:12 w4

Hey @w4

Thanks again :smiley:

After reading #28 tried both options on my ~/.ssh/config

Host cargo-shim
    Hostname cargo-shim
    User gitlab-ci-token:$GITLAB_TOKEN

and

Host cargo-shim
    Hostname cargo-shim
    User git
    IdentityFile ~/.ssh/id_rsa

my ~/.cargo/config.toml doesn't refer any username:

[registries]
gitlab = { index = "ssh://cargo-shim/cbrain/platform/types" }

but still no joy :disappointed:

$ cargo -v build 
    Updating `gitlab` index
     Running `git fetch --force --update-head-ok 'ssh://cargo-shim/cbrain/platform/types' '+HEAD:refs/remotes/origin/HEAD'`
error: failed to get `types` as a dependency of package `my_project v0.1.0 (/home/nuno/rust/my_project)`

Caused by:
  failed to load source for dependency `types`

Caused by:
  Unable to update registry `gitlab`

Caused by:
  failed to fetch `ssh://cargo-shim/cbrain/platform/types`

Caused by:
  process didn't exit successfully: `git fetch --force --update-head-ok 'ssh://cargo-shim/cbrain/platform/types' '+HEAD:refs/remotes/origin/HEAD'` (exit status: 128)
  --- stderr
  git@cargo-shim: Permission denied (publickey).
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

numiralofe avatar Dec 16 '22 22:12 numiralofe

I believe the first one should work but instead of $GITLAB_TOKEN it should be $CI_JOB_TOKEN

w4 avatar Dec 19 '22 09:12 w4