問題與gitlab通過ssh訪問存儲庫

Question

對不起，這將是一個相當詳細的帖子，如果只是爲了澄清我的一切。一切似乎配置正確並且正在運行：

bundle exec rake gitlab:check RAILS_ENV=production 

只能提供綠色指示燈。 添加SSH密鑰似乎做工精細，我們可以把罰款以https：//

當我們嘗試與客戶端連接，我們得到：

$ git push -u origin master 
fatal: Could not read from remote repository. 

Please make sure you have the correct access rights 
and the repository exists. 

探索這進一步得出：

$ GIT_TRACE=1 git push -u origin master 
trace: built-in: git 'push' '-u' 'origin' 'master' 
trace: run_command: 'ssh' '-p' '2222' 'gitlab@myserver.net' 'git-receive-pack '\''/root/test1.git'\''' 
fatal: Could not read from remote repository. 

Please make sure you have the correct access rights 
and the repository exists. 

並運行此與調試信息產生除了退出代碼1以外沒有什麼有趣的。

看着服務器上的日誌，而我們嘗試和連接我們得到這個（它是在Arch Linux的運行）：

$ journalctl -f 

Jan 21 21:42:59 michaelarch sshd[2633]: Accepted publickey for gitlab from 192.168.1.1 port 58207 ssh2: ECDSA XX:e3:XX:aa:XX:0a:XX:37:XX:ad:XX:4f:XX:ab:ab:XX 
Jan 21 21:42:59 michaelarch sshd[2633]: pam_unix(sshd:session): session opened for user gitlab by (uid=0) 
Jan 21 21:42:59 michaelarch systemd[1]: Starting user-1001.slice. 
Jan 21 21:42:59 michaelarch systemd[1]: Created slice user-1001.slice. 
Jan 21 21:42:59 michaelarch systemd[1]: Starting User Manager for 1001... 
Jan 21 21:42:59 michaelarch systemd[1]: Starting Session 20 of user gitlab. 
Jan 21 21:42:59 michaelarch systemd-logind[461]: New session 20 of user gitlab. 
Jan 21 21:42:59 michaelarch systemd[1]: Started Session 20 of user gitlab. 
Jan 21 21:42:59 michaelarch systemd[2635]: pam_unix(systemd-user:session): session opened for user gitlab by (uid=0) 
Jan 21 21:42:59 michaelarch systemd[2635]: Failed to open private bus connection: Failed to connect to socket /run/user/1001/dbus/user_bus_socket: No such file or directory 
Jan 21 21:42:59 michaelarch systemd[2635]: Mounted /sys/kernel/config. 
Jan 21 21:42:59 michaelarch systemd[2635]: Mounted /sys/fs/fuse/connections. 
Jan 21 21:42:59 michaelarch systemd[2635]: Stopped target Sound Card. 
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Default. 
Jan 21 21:42:59 michaelarch systemd[2635]: Reached target Default. 
Jan 21 21:42:59 michaelarch systemd[2635]: Startup finished in 23ms. 
Jan 21 21:42:59 michaelarch systemd[1]: Started User Manager for 1001. 
Jan 21 21:42:59 michaelarch sshd[2636]: Received disconnect from 192.168.1.1: 11: disconnected by user 
Jan 21 21:42:59 michaelarch sshd[2633]: pam_unix(sshd:session): session closed for user gitlab 
Jan 21 21:42:59 michaelarch systemd-logind[461]: Removed session 20. 
Jan 21 21:42:59 michaelarch systemd[1]: Stopping User Manager for 1001... 
Jan 21 21:42:59 michaelarch systemd[2635]: Stopping Default. 
Jan 21 21:42:59 michaelarch systemd[2635]: Stopped target Default. 
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Shutdown. 
Jan 21 21:42:59 michaelarch systemd[2635]: Reached target Shutdown. 
Jan 21 21:42:59 michaelarch systemd[2635]: Starting Exit the Session... 
Jan 21 21:42:59 michaelarch systemd[1]: Stopped User Manager for 1001. 
Jan 21 21:42:59 michaelarch systemd[1]: Stopping user-1001.slice. 
Jan 21 21:42:59 michaelarch systemd[1]: Removed slice user-1001.slice. 

現在我的猜想是，在線路發生故障DBUS：

Jan 21 21:42:59 michaelarch systemd[2635]: Failed to open private bus connection: Failed to connect to socket /run/user/1001/dbus/user_bus_socket: No such file or directory 

可能會造成問題，但我想不出它我幾乎已經達到了我的知識範圍。

當然有很多配置文件，但我想我已經研究過所有這些文件，任何想法或測試都非常受歡迎。

認證似乎運行成功：

ssh -vvT gitlab@myserver.net 

給出：

...... 
debug1: Server accepts key: pkalg ecdsa-sha2-nistp521 blen 172 
debug2: input_userauth_pk_ok: fp XX:e3:XX:aa:af:0a:ca:37:08:ad:XX:4f:XX:ab:ab:XX 
debug1: read PEM private key done: type ECDSA 
debug1: Authentication succeeded (publickey). 
Authenticated to myserver.net ([11.123.5.462]:22). 
debug1: channel 0: new [client-session] 
debug2: channel 0: send open 
debug1: Requesting no-more-sessions@openssh.com 
debug1: Entering interactive session. 
debug1: Remote: Forced command. 
debug1: Remote: Port forwarding disabled. 
debug1: Remote: X11 forwarding disabled. 
debug1: Remote: Agent forwarding disabled. 
debug1: Remote: Pty allocation disabled. 
debug1: Remote: Forced command. 
debug1: Remote: Port forwarding disabled. 
debug1: Remote: X11 forwarding disabled. 
debug1: Remote: Agent forwarding disabled. 
debug1: Remote: Pty allocation disabled. 
debug2: callback start 
debug2: fd 3 setting TCP_NODELAY 
debug2: client_session2_setup: id 0 
debug2: channel 0: request shell confirm 1 
debug2: callback done 
debug2: channel 0: open confirm rwindow 0 rmax 32768 
debug2: channel 0: rcvd adjust 2097152 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: shell request accepted on channel 0 
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0 
debug2: channel 0: rcvd eow 
debug2: channel 0: close_read 
debug2: channel 0: input open -> closed 
debug2: channel 0: rcvd eof 
debug2: channel 0: output open -> drain 
debug2: channel 0: obuf empty 
debug2: channel 0: close_write 
debug2: channel 0: output drain -> closed 
debug2: channel 0: rcvd close 
debug2: channel 0: almost dead 
debug2: channel 0: gc: notify user 
debug2: channel 0: gc: user detached 
debug2: channel 0: send close 
debug2: channel 0: is dead 
debug2: channel 0: garbage collecting 
debug1: channel 0: free: client-session, nchannels 1 
Transferred: sent 3780, received 2908 bytes, in 0.0 seconds 
Bytes per second: sent 76566.5, received 58903.5 
debug1: Exit status 1 

編輯：在迴應評論添加更多細節。

Answer 1

我目前有完全相同的問題。經過一番嘗試，我發現了以下內容：gitlab用戶應該無法登錄，因此它在/ etc/passwd中的shell被設置爲/ bin/false。對於SSH訪問，在〜gitlab/.ssh/authorized_keys中定義了一個強制命令，該命令以密鑰作爲參數執行gitlab-shell，以使連接用戶可以訪問基本的git操作。

現在我發現雖然/ etc/passwd中的用戶shell設置爲/ bin/false，但強制命令機制根本不起作用，並且ssh連接掛斷。解決方法是隻給用戶一個默認的登錄shell，以便強制執行命令。

但是，說實話，我不知道這是否應該如何工作，尤其是強制命令是否應該只在用戶具有功能登錄shell時才起作用（即默認爲我比較喜歡把shell設置爲/ bin/false，這樣當authorized_keys文件中的配置正確時，用戶得到的是gitlab-shell，如果沒有的話，用戶不會得到任何東西。現在，配置錯誤會給予用戶比我想要的更多的權利。）