Common errors when using SSH keys on Gitlab

by Daniel Pham
Published: Updated:
This entry is part 8 of 9 in the series Install Gitlab CE on Ubuntu 18

Common errors when using SSH keys on Gitlab. In fact, when operating the Gitlab system, you may encounter many different errors.

In this article, I only list certain errors that you may encounter while operating and using the Gitlab CE system.

The assumption is:

  • The Gitlab system you have set up allows the use of both HTTPS and SSH protocols, and has set up an SSH shell in Gitlab’s configuration file.
  • The server has opened port 22 on the firewall, allowing users to connect via ssh.
Common errors when using SSH keys on Gitlab
Common errors when using ssh keys on gitlab.

Remote host identification has changed

Error: looks like this.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for git.yourdomain.com has changed,
and the key for the corresponding IP address 192.168.1.11
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:O95IcJNrtrho3qpYv6jC4N7mbBOUgsTcjrb2tWoNMpo.
Please contact your system administrator.

Cause: Gitlab system has been migrated to another server or the IP address has changed. This makes the server identity different than on the user’s computer.

Error handling: you run the command below on the user’s computer. Replace username and git.yourdomain.com with the user computer and system domain, respectively.

$ ssh-keygen -f "/home/username/.ssh/known_hosts" -R "git.yourdomain.com"

Permission denied (publickey)

Error: the error will have content like this.

$ git clone [email protected]:user/test.git
Cloning into 'test'...
The authenticity of host 'git.yourdomain.com (192.168.1.11)' can't be established.
ECDSA key fingerprint is SHA256:O95IcJNrtrho3qpYv6jC4N7mbBOUgsTcjrb2tWoNMpo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'git.yourdomain.com,192.168.1.11' (ECDSA) to the list of known hosts.
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Cause: This error is because you put the ssh key in a different place than the default directory /home/user/.ssh/id_rsa, or your key has a different name that is not id_rsa.

Error handling: to fix this error, you just need to specify the ssh key every time you run the git command.

$ ssh-agent bash -c 'ssh-add /home/user/Desktop/id_rsa; git clone [email protected]:user/test.git'

Too many authentication failures

Even though you have correctly added the ssh key, you still cannot authenticate to the system.

Error:

  • Error content on the user’s computer.
Received disconnect from 192.168.1.11 port 22:2: Too many authentication failures
Disconnected from 192.168.1.11 port 22
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
  • Error content displayed on Gitlab server.
Aug 4 14:33:49 git sshd[28403]: User git not allowed because account is locked

Cause: when a user uses the ssh key to connect to the Gitlab system, the user will be converted to a git user on the server. And this error is because the user is unable to authenticate with the git user on the server.

Error handling: to handle this error, perform the following steps.

Check the file /etc/ssh/sshd_config with the following values.

UsePAM no
PasswordAuthentication no

If the value is different from the above two lines, change it and restart the ssh service.

service sshd restart

Next, delete the git user password.

passwd -d git

Conclusion

Above, I mentioned 3 errors you may encounter while operating the Gitlab system. At some point, users may report these errors to you. And you know, you can handle it easily.

0 0 votes
Article Rating
Series Navigation«« Previous part: Migrate Gitlab CE to new serverNext part: Fix cannot unblock LDAP blocked users »»

You may also like

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.

SUPPORT US

FOLLOW US

Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 DevOpsLite.com – All rights reserved.

Please write sources “DevOpsLite.com” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

0
Would love your thoughts, please comment.x
()
x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.