Gogs lance une « Autorisation refusée » lorsque je supprime le fichier clé publique du client

Question

Je viens d'installer Gogs (Go Git Server) sur une framboise Pi3 utilisant le OFFICIELS binocles/binocles-IPD image docker, que je dirige as suggested:

docker run --name=gogs -p 10022:22 -p 10080:3000 -v /var/gogs:/data gogs/gogs-rpi 

J'ai utilisé mon ordinateur portable pour enregistrer un utilisateur admin via l'interface web Gogs et ajouté une clé publique sur le compte. Je peux maintenant cloner des dépôts git de la pi à mon ordinateur portable en utilisant cette commande:

git clone ssh://git@192.168.178.50:10022/peter/my_repo.git 

J'entrez la clé phrase et il fonctionne très bien.

Maintenant la partie étrange ... Lorsque je supprime le fichier de clé publique (id_rsa_gogs.pub) de mon ordinateur portable et réexécute la commande ci-dessus, j'obtiens une erreur 'accès refusé'.

Est-ce que quelqu'un sait ce que cela pourrait être? J'ai déjà enregistré la clé publique dans Gogs. Pourquoi ai-je besoin d'une version de la clé publique sur l'ordinateur client? Je n'ai jamais entendu parler d'un cas où la clé publique doit rester avec le client.

Udapte

Si je rm KeyFile .pub et exécuter ssh -Tv git@192.168.178.50 -p 10022 -i /home/peter/.ssh/id_rsa_gogs je reçois ceci:

OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 
debug1: Reading configuration data /home/peter/.ssh/config 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug1: Connecting to 192.168.178.50 [192.168.178.50] port 10022. 
debug1: Connection established. 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_rsa_gogs type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_rsa_gogs-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 
debug1: Authenticating to 192.168.178.50:10022 as 'git' 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: algorithm: curve25519-sha256@libssh.org 
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:[REMOVED] 
debug1: Host '[192.168.178.50]:10022' is known and matches the ECDSA host key. 
debug1: Found key in /home/peter/.ssh/known_hosts:18 
debug1: rekey after [REMOVED] blocks 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: rekey after [REMOVED] blocks 
debug1: SSH2_MSG_NEWKEYS received 
debug1: SSH2_MSG_EXT_INFO received 
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,keyboard-interactive 
debug1: Next authentication method: publickey 
debug1: Trying private key: /home/peter/.ssh/id_rsa_gogs 
Enter passphrase for key '/home/peter/.ssh/id_rsa_gogs': 
debug1: Authentication succeeded (publickey). 
Authenticated to 192.168.178.50 ([192.168.178.50]:10022). 
debug1: channel 0: new [client-session] 
debug1: Requesting no-more-sessions@openssh.com 
debug1: Entering interactive session. 
debug1: pledge: network 
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 
debug1: Remote: Forced command. 
debug1: Remote: Port forwarding disabled. 
debug1: Remote: X11 forwarding disabled. 
debug1: Remote: Agent forwarding disabled. 
debug1: Remote: PTY allocation disabled. 
debug1: Sending environment. 
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8 
debug1: Sending env LANG = en_US.UTF-8 
debug1: Sending env LC_NAME = de_DE.UTF-8 
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8 
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8 
debug1: Sending env LC_MONETARY = de_DE.UTF-8 
debug1: Sending env LC_PAPER = de_DE.UTF-8 
debug1: Sending env LC_ADDRESS = de_DE.UTF-8 
debug1: Sending env LC_NUMERIC = de_DE.UTF-8 
Hi there, You've successfully authenticated, but Gogs does not provide shell access. 
If this is unexpected, please log in with password and setup Gogs under another user. 
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0 
debug1: channel 0: free: client-session, nchannels 1 
Transferred: sent 3268, received 3096 bytes, in 0.2 seconds 
Bytes per second: sent 15416.0, received 14604.6 
debug1: Exit status 0 

Il semble échouer si je lance ssh -Tv git@192.168.178.10 -p 10022 (pas préciser KeyFile directement):

OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 
debug1: Reading configuration data /home/peter/.ssh/config 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug1: Connecting to 192.168.178.50 [192.168.178.50] port 10022. 
debug1: Connection established. 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_rsa type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_dsa type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_ecdsa type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_ed25519 type -1 
debug1: key_load_public: No such file or directory 
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 
debug1: match: OpenSSH_7.4 pat OpenSSH* compat [REMOVED] 
debug1: Authenticating to 192.168.178.50:10022 as 'git' 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: algorithm: curve25519-sha256@libssh.org 
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:[REMOVED] 
debug1: Host '[192.168.178.50]:10022' is known and matches the ECDSA host key. 
debug1: Found key in /home/peter/.ssh/known_hosts:[REMOVED] 
debug1: rekey after [REMOVED] blocks 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: rekey after [REMOVED] blocks 
debug1: SSH2_MSG_NEWKEYS received 
debug1: SSH2_MSG_EXT_INFO received 
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,keyboard-interactive 
debug1: Next authentication method: publickey 
debug1: Trying private key: /home/peter/.ssh/id_rsa 
debug1: Trying private key: /home/peter/.ssh/id_dsa 
debug1: Trying private key: /home/peter/.ssh/id_ecdsa 
debug1: Trying private key: /home/peter/.ssh/id_ed25519 
debug1: Next authentication method: keyboard-interactive 
debug1: Authentications that can continue: publickey,keyboard-interactive 
debug1: No more authentication methods to try. 
Permission denied (publickey,keyboard-interactive). 

Vérifiez également si le même problème est observé en vous enregistrant et en utilisant une clé ssh sans aucune phrase secrète.

Le résultat est le même sans phrase de passe.

Je ne sais pas si cela importe mais je dois cela à l'intérieur ~/.ssh/config pour Gogs

Host 192.168.178.50:10022 
    HostName 192.168.178.50:10022 
    IdentityFile ~/.ssh/id_rsa_gogs 
    User Peter 

Answer 1

Host 192.168.178.50:10022 
    HostName 192.168.178.50:10022 
    IdentityFile ~/.ssh/id_rsa_gogs 
    User Peter 

ssh n'accepte pas un numéro de port dans le cadre soit des Host ou Hostname options ici. Par conséquent, il ne reconnaît pas que cette entrée doit s'appliquer à vos tentatives de connexion et n'applique pas le fichier ou l'utilisateur d'identité.

Si vous avez juste besoin de correspondre à l'adresse IP, cela devrait fonctionner:

Host 192.168.178.50 
    Port 10022 
    IdentityFile ~/.ssh/id_rsa_gogs 
    User Peter 

Si vous avez vraiment besoin de faire correspondre sur le port, cela devrait fonctionner:

Match host 192.168.178.50 exec "test %p = 10022" 
    IdentityFile ~/.ssh/id_rsa_gogs 
    User Peter 

Cela va le test commande pour tester la valeur du port. "% p" sera remplacé par la valeur de port que ssh utilisera jusqu'à ce point (soit la valeur par défaut de 22 ou la valeur de la ligne de commande). test est également connu sous le nom [; C'est un utilitaire de ligne de commande principalement utilisé dans les scripts shell dans le cadre d'une instruction if.

Answer 2

Essayez un ssh -Tv git@192.168.178.50 -p 10022 -i /home/peter/.ssh/id_rsa_gogs afin de comprendre ce qui est réellement la cause de l'erreur.

Vérifiez également si le même problème est observé lors de l'enregistrement et de l'utilisation d'une clé ssh sans toute phrase secrète. (Même si public keys don't have the passphrase)