Permission denied (publickey,password) adding a Git repository
問題
When adding a Git repository to Fisheye using the SSH protocol, testing the connection throws the following error in the UI:
The following appears in the atlassian-fisheye-<date>.log:
2016-04-01 15:00:00,000 ERROR [qtp1864387098-21099 ection-1459537718527] fisheye RepositoryAdminRpcServiceImpl-testRepositoryConnection - Error testing connection.
com.atlassian.fisheye.spi.admin.services.RepositoryConfigException: com.cenqua.fisheye.config.ConfigException: Error talking to repository:
Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at com.atlassian.fisheye.spi.admin.impl.DefaultRepositoryAdminService.testConnectionFor(DefaultRepositoryAdminService.java:864) [fisheye.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [?:1.8.0_74]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [?:1.8.0_74]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_74]
at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_74]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) [spring-aop-4.0.9.RELEASE.jar:4.0.9.RELEASE]
...
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-8.1.10.v20130312.jar:8.1.10.v20130312]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628) [jetty-io-8.1.10.v20130312.jar:8.1.10.v20130312]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-8.1.10.v20130312.jar:8.1.10.v20130312]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-8.1.10.v20130312.jar:8.1.10.v20130312]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-8.1.10.v20130312.jar:8.1.10.v20130312]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74]
Caused by: com.cenqua.fisheye.config.ConfigException: Error talking to repository:
Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
at com.atlassian.fisheye.git.GitScmConfig.testConnection(GitScmConfig.java:120) [fisheye.jar:?]
at com.cenqua.fisheye.RepositoryConfig.testConnection(RepositoryConfig.java:428) [fisheye.jar:?]
at com.atlassian.fisheye.spi.admin.impl.DefaultRepositoryAdminService.testConnectionFor(DefaultRepositoryAdminService.java:862) [fisheye.jar:?]
... 179 more診断
Diagnostic Steps
- When having a key pair generated by Fisheye, make sure the public key generated is added to the
~/.ssh/authorized_keysfile of the user running Fisheye. From a command line, logged in as the user running Fisheye, test the SSH connection outside Fisheye:
ssh -Tv <username>@<hostname>In the command above, replace username by the name of the user that accesses the Git repository, and hostname by the hostname of the server in which the Git repository resides.
You may get an output, among which you may see the following regarding the authentication being performed:debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/user/.ssh/id_rsa debug1: Trying private key: /home/user/.ssh/id_dsa debug1: Next authentication method: password <username>@<hostname>'s password: debug1: Authentication succeeded (password).
原因
If only the password authentication succeeded, this indicates that the authentication using the public key failed.
This topic suggested checking at the Git server's /var/log/auth.log file, which could give an idea of what's happening. For this occurrence, we found an entry similar as the following:
Sep 14 01:26:31 new-server sshd[22107]: Authentication refused: bad ownership or modes for directory /home/user/.ssh
Sep 14 01:26:46 new-server sshd[22108]: Connection closed by 98.76.54.32The entry above was showing up both for the ~/.ssh directory and for the ~/.ssh/authorized_keys file. As explained by this article, SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600.
ソリューション
Adjust the permissions on the referenced directory and file, as follows:
chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/authorized_keys