将CentOS更新至OpenSSh 5.3后发生Git访问问题
我在CentOS服务器上安装了GitLab。我刚刚做了一个'yum更新',其中包括更新openssh,openssh-askpass,openssh-client和openssh-server到版本5.3p1。现在,我的用户都无法通过git访问他们的代码。我试着调试会话“SSH -vT混帐@我的服务器]”,出现下面的输出:将CentOS更新至OpenSSh 5.3后发生Git访问问题
$ ssh -vT [email protected][myserver]
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Connecting to 172.16.2.156 [172.16.2.156] port 22.
debug1: Connection established.
debug1: identity file /c/Users/anne.racel/.ssh/identity type -1
debug1: identity file /c/Users/anne.racel/.ssh/id_rsa type 1
debug1: identity file /c/Users/anne.racel/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '172.16.2.156' is known and matches the RSA host key.
debug1: Found key in /c/Users/anne.racel/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/anne.racel/.ssh/identity
debug1: Offering public key: /c/Users/anne.racel/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /c/Users/anne.racel/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
[email protected]'s password:
在/ var /日志/安全文件显示,继前几次:
Oct 30 15:54:55 SRV-GITLAB-001 sshd[13526]: Invalid user Anne.Racel from 192.168.253.77
Oct 30 15:54:55 SRV-GITLAB-001 sshd[13528]: input_userauth_request: invalid user Anne.Racel
但后来我开始没有任何输出。
我已经试过修改sshd_config文件包含以下(注:在该文件的时间戳表明,它并没有在更新过程中发生变化),按照指示我在网上找到:
### changing this, hoping to solve our RSA keys problem ###
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /var/opt/gitlab/.ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
我我试过在Gitlab中删除旧密钥并添加新密钥(RSA和DSA)。我确认密钥确实出现在/gitlab/.ssh/known_hosts文件中。以防万一,我尝试重置pam_tally2。我检查了.ssh目录的权限并包含文件。没有什么似乎有所作为。
我可以SSH入服务器,所以密码正在工作。它似乎是关于使用密钥来连接,这是行不通的。
好的 - 我终于找到了解决方案。
此升级似乎已将SELinux安全级别提高为“强制执行”。由于我们的服务器位于防火墙之后,因此我已将其降为“宽容”,并且所有内容似乎都在重新运行。
感谢这里的答案:https://serverfault.com/questions/321534/public-key-authentication-fails-only%20when-sshd-is-daemon
非常感谢你的这个...... – 2016-02-04 21:55:41
如果你使用'-vvv'你得到SSH些什么?这些错误行看起来像是抱怨用户名不是关键。 – 2014-10-30 23:35:38
下面是我尝试提高详细程度(相关部分)时的响应:'debug1:提供公钥:/c/Users/anne.racel/.ssh/id_rsa debug3:send_pubkey_test debug2:我们发送了一个publickey包,等待答复 DEBUG1:身份验证,可以继续:公钥,GSSAPI-keyex,GSSAPI-与-MI C,密码 DEBUG1:提供公共密钥:/c/Users/anne.racel/.ssh/id_dsa debug3:send_pubkey_test debug2:我们发送了一个publickey包,等待回复' – amracel 2014-10-31 00:02:42