Comments (19)
Hi @mbugeia,
> I think I didn't really test clone in private mode. It doesn't surprise me that https clone won't work in private mode since you need to be authenticated by ssowat. If you were able to pass basic http authorization header in git clone command this will maybe work but I don't know if it's possible. Either case this won't be practical.

Despite the issue being closed, I took quite a long time to understand that git through https does not work when the website is private, until I reached this thread. Shouldn't this limitation be mentioned during install, just beside the option "Make this website public"?
from gogs_ynh.
After more tests: using a no-password ssh key doesn't work.
But if I turn my gogs into a public site, any method works.
Does that mean I need to keep it public ? Even for ssh ?
Does it need to be more integrated into Yunohost ?
from gogs_ynh.
Hi,
I think I didn't really test clone in private mode. It doesn't surprise me that https clone won't work in private mode since you need to be authenticated by ssowat. If you were able to pass basic http authorization header in git clone command this will maybe work but I don't know if it's possible. Either case this won't be practical.
For ssh it should work in private mode if your ssh daemon is properly configured as in the readme and if you've added your public key to your gogs profile. Using password protected or no password sshkey won't matter (this is client side). What clone command are you using ? The correct one is git clone [email protected]:user/repo.git
from gogs_ynh.
> I think I didn't really test clone in private mode. It doesn't surprise me that https clone won't work in private mode since you need to be authenticated by ssowat.
Right. I was thinking it might be integrated, asking for login/pwd for instance, and I wanted to be sure it wasn't a bug on my side.
Ok so let's focus on ssh:
> For ssh it should work in private mode if your ssh daemon is properly configured as in the readme
(feeling stupid) I missed it (I don't know how ^^), thanks !
Just to be sure, I need to change on my server the file /etc/ssh/sshd_config, not on the client, right ?
I checked it, AuthorizedKeysFile was commented, but it still doesn't work (still asking for a mysterious password).
Compared to the file in the README, the only difference is the UsePAM which is set to yes.
> What clone command are you using ?
It's the right command.
from gogs_ynh.
Up :)
> Just to be sure, I need to change on my server the file /etc/ssh/sshd_config, not on the client, right ?
> I checked it, AuthorizedKeysFile was commented, but it still doesn't work (still asking for a mysterious password).
> Compared to the file in the README, the only difference is the UsePAM which is set to yes.
So is it the right configuration for the ssh daemon ?
It still asks for a password (not the ssh key password, sounds like the gogs user password)
from gogs_ynh.
I just tried to connect via ssh, by forcing publickey authentication, and I just get this result: Permission denied (publickey,password).
Using nothing asks for a password.
I also tried using the ssh key I use to log in as root (and not for gogs, normally) - it works.
So I'm wondering what configuration I missed; as far as I know these should be 2 separate things.
from gogs_ynh.
Sorry for the response time.
Well, maybe there is something else missing in the conf file. First you can check:
- Does the gogs user have your key (the one you put in your gogs profile)?
  cat /home/gogs/.ssh/authorized_keys
- What happens during a failed authentication?
  tail -f /var/log/auth.log
  when performing a clone. Is the key the same as in the gogs authorized_keys?
from gogs_ynh.
> Is gogs user have your key (the one you put in your gogs profile) cat /home/gogs/.ssh/authorized_keys ?
I did before, the key was always the right one
> What happen during a failed authentification tail -f /var/log/auth.log when performing a clone. Is the key the same as in the gogs authorized_keys ?
I will check ASAP.
from gogs_ynh.
You can also check ssh [email protected]
Gogs will tell you that if it's ok:
PTY allocation request failed on channel 0
Hi there, You've successfully authenticated, but Gogs does not provide shell access.
If this is unexpected, please log in with password and setup Gogs under another user.
Connection to domain.tld closed.
If not, put ssh in verbose mode (-vvvv) to see what happens while also monitoring auth.log.
from gogs_ynh.
I think I had that message before with my gogs ssh key.
Now it asks for the password corresponding to the root ssh key that I used for the test (as the gogs key wasn't working). I have it aside my gogs key.
(if the password is wrong, the gogs account password is required, and not the other ssh key)
Removing the root key, while keeping the gogs key, asks only for the gogs account password (and not the ssh key).
from gogs_ynh.
Here is my full sshd_config : https://paste.yunohost.org/atedejuwag.vala if you want to check what's different.
from gogs_ynh.
Thanks :)
Well, the only differences I see are:
StrictModes yes
on my side, and you have the option no,
HostKey /etc/ssh/ssh_host_ed25519_key
I don't have this line.
and:
UsePAM no
I have yes on my side.
from gogs_ynh.
The first two won't change the behavior. Have you tried to change UsePAM to no and restart the ssh daemon ?
from gogs_ynh.
Done, no visible effect.
from gogs_ynh.
Well to investigate more I would need the full exchange of the auth.log with the content of the gogs authorized_keys. If you're uncomfortable about exposing it here (even if it's only public keys) you can mail me here: [email protected]
from gogs_ynh.
Should I remove the root key before trying this and sending you the auth.log ?
I mean, when I try with the root key included, it works and asks for its password. This is included in the auth.log, with the right fingerprint.
When I remove it, I just have the prompt for the gogs user's password, nothing for the gogs key password.
And the auth.log contains only the prompt for the user password, nothing about the other key.
Should I try adding the gogs key to the root user authorized_keys file ?
from gogs_ynh.
Ok I found the issue - it's not related to gogs: my ssh-agent had an issue, all the keys I generated since a previous update were not added with ssh-add (seems to be a known bug, updating solved the issue).
So after a new key generation, it's working perfectly fine :)
Thanks for your help, sorry for the inconvenience :(
from gogs_ynh.
I'm glad you made it work. As I said in my previous answer, since gogs worked, the solution had to be in the key exchange, either in the daemon or in your ssh agent.
from gogs_ynh.
And you were right, but I wasn't expecting this kind of issue, since the keys were generated and ssh-add was working (btw it reported nothing).
from gogs_ynh.
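The check asked for in the thread (is the key seen in auth.log the same as one in the gogs authorized_keys?), as an added example that is not part of the original discussion or of the gogs_ynh project: it computes the SHA256 fingerprint of each authorized_keys entry and matches it against sshd log lines. The keys, log lines and the gogs command path below are constructed sample data.

```python
import base64
import hashlib
import re

KEY_RE = re.compile(r"\b(ssh-rsa|ssh-ed25519|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+={0,2})")
LOG_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) (publickey|password) for (\S+) "
                    r"from \S+ port \d+(?: ssh2)?(?:: \S+ (SHA256:\S+))?")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form sshd logs and ssh-keygen -l print."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_authorized_keys(text):
    """Map fingerprint -> line number; leading options (command="...") are skipped."""
    keys = {}
    for n, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.search(line)
        if m and not line.lstrip().startswith("#"):
            keys[fingerprint(m.group(2))] = n
    return keys

def diagnose(auth_log, authorized_keys, user="gogs"):
    keys = load_authorized_keys(authorized_keys)
    findings = []
    for line in auth_log.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group(3) != user:
            continue
        result, method, _, fp = m.groups()
        if method == "password":
            note = "no key involved"
        elif fp in keys:
            note = f"authorized_keys line {keys[fp]}"
        else:
            note = "NOT in authorized_keys"
        findings.append((result, method, note))
    if not any(method == "publickey" for _, method, _ in findings):
        # Matches the thread's outcome: the server only saw a password attempt.
        findings.append(("None", "publickey", "no publickey attempt logged"))
    return findings

# Constructed sample data (not real keys; the gogs command path is a placeholder).
KEY_A, KEY_B = (base64.b64encode(b).decode()
                for b in (b"constructed-blob-A", b"constructed-blob-B"))
KEYS = f'command="/path/to/gogs serv key-1",no-pty ssh-ed25519 {KEY_A} me@laptop\n'
HDR, TAIL = "Jan  1 10:00:00 host sshd[101]: ", "for gogs from 203.0.113.5 port 50000 ssh2"
LOG_OK = f"{HDR}Accepted publickey {TAIL}: ED25519 {fingerprint(KEY_A)}"
LOG_WRONG = f"{HDR}Failed publickey {TAIL}: ED25519 {fingerprint(KEY_B)}"
LOG_PW = f"{HDR}Failed password {TAIL}"
```

When only password lines appear for the gogs user, the next place to look is the client side (ssh -vvvv and ssh-add -l), which is where the problem in this thread turned out to be.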