公司搭建的gitlab,通过http协议可以clone:
[sisi@pre-srv24 gitlab]$ git clone http://gitlab.test.mycompany.com/dev_group/test_project1.git
Cloning into 'test_project1'...
Username for 'http://gitlab.test.mycompany.com': sisi
Password for 'http://sisi@gitlab.test.mycompany.com':
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 11 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (11/11), done.
但是用ssh clone就会失败
[sisi@pre-srv44 ssh]$ git clone git@gitlab.test.mycompany.com:dev_group/test_project1.git
Cloning into 'test_project1'...
The authenticity of host 'gitlab.test.mycompany.com (123.56.11.231)' can't be established.
RSA key fingerprint is 5d:62:8d:b7:d7:51:03:87:ea:65:ce:35:6c:ee:95:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.test.mycompany.com,123.56.11.231' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
解决方案
(1)修改/etc/ssh/sshd_config文件
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
(2)改权限及公钥
#chmod 700 /root/.ssh
#chmod 644 /root/.ssh/authorized_keys
并把本地主机的pub公钥放到/root/.ssh/authorized_keys
(3)重启sshd
service restart
但是之后用ip测试连接成功,用域名则失败
[sisi@pre-srv44 ssh]$ ssh -T git@172.16.181.60
Welcome to GitLab, sisi!
[sisi@pre-srv44 ssh]$ ssh -T git@gitlab.test.mycompany.com
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
git clone的结果也是一样的
[sisi@pre-srv44 ssh]$ git clone git@gitlab.test.mycompany.com:dev_group/test_project1.git
Cloning into 'test_project1'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
[sisi@pre-srv44 ssh]$ git clone git@172.16.181.60:dev_group/test_project1.git
Cloning into 'test_project1'...
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 11 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (11/11), done.
[sisi@pre-srv44 ssh]$
用IP可以克隆,用域名还不行
那么问题在于域名是否正确解析为正确的ip
[sisi@pre-srv44 .ssh]$ host gitlab.test.mycompany.com
gitlab.test.mycompany.com has address 123.56.11.231
[sisi@pre-srv44 ssh]$ ping gitlab.test.mycompany.com
PING gitlab.test.mycompany.com (172.16.181.60) 56(84) bytes of dat
不同方式获取的IP不一致,是导致ssh用域名访问不行的原因
而执行git clone时连接的服务器地址放在.ssh/known_hosts中,从其中可以看出域名被解析成123.56.11.231,
即与host命令查到的ip一致,都是错误的
解决方案:
(1)删除 .ssh/known_hosts中错误的域名ip记录
(2)在/etc/hosts增加域名与正确ip的对应
[sisi@pre-srv44 .ssh]$ sudo vi /etc/hosts
增加一行
172.16.181.60 gitlab.test.mycompany.com
再测试成功如下:
[sisi@pre-srv44 ssh]$ git clone git@gitlab.test.mycompany.com:dev_group/test_project1.git
Cloning into 'test_project1'...
The authenticity of host 'gitlab.test.mycompany.com (172.16.181.60)' can't be established.
RSA key fingerprint is ba:ec:d0:b3:b3:1e:39:10:fc:b2:ac:3d:41:ff:d1:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.test.mycompany.com,172.16.181.60' (RSA) to the list of known hosts.
remote: Counting objects: 11, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 11 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (11/11), done.
[sisi@pre-srv44 ssh]$ ls
test_project1