Getting password prompt when pushing a new repo

[lorensr]

I've spent a ridiculous amount of time trying to get this to work. This time through I wrote down every single step. My current problem recreation steps:

• Project settings -> new git repo
• Upload public key
• Add myself as a developer on the project
• Create a repo on my dev machine
• Add gitosis@redmine:test.git as the remote origin
• git push origin master

And I get prompted for a password. I have verified that I have the private key in my ~/.ssh directory and that Redmine has the correct public key listed under http://redmine/my/public_keys. When I enter text at the prompt or just hit enter, it prompts again until it quits. Each time creates an entry in /var/log/auth.log:

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.191.240  user=gitosis
Aug 17 13:13:15 
... sshd[2542]: Failed password for gitosis from 192.168.1.2 port 56278 ssh2

What else can I do to diagnose the problem? Thank you so much!

My installation steps (Ubuntu 11.04):

#!/bin/bash                                                                                                                                                                                                                                                                   
# first argument: server name (redmine.example.com)                                                                                                                                                                                                                           

apt-get install git-core
mkdir /var/www
cd /var/www
git clone git://github.com/edavis10/redmine.git
cd redmine
git checkout -b 1.2-stable
apt-get install -y ruby  ruby1.9.1-dev libgemplugin-ruby libgemplugin-ruby1.8  mysql-server apache2-mpm-prefork wget libruby-extras libruby1.8-extras rake apache2-prefork-dev libapache-dbi-perl libapache2-mod-perl2 libdigest-sha1-perl libmysqlclient15-dev build-essenti\
al libcurl4-openssl-dev cron librmagick-ruby1.8
echo "CREATE DATABASE redmine CHARACTER SET utf8;                                                                                                                                                                                                                             
CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'my_password';                                                                                                                                                                                                                
GRANT ALL privileges ON redmine.* TO 'redmine'@'localhost';                                                                                                                                                                                                                   
" | mysql -u root -p
cd redmine
echo "production:                                                                                                                                                                                                                                                             
  adapter: mysql                                                                                                                                                                                                                                                              
  database: redmine                                                                                                                                                                                                                                                           
  host: localhost                                                                                                                                                                                                                                                             
  username: redmine                                                                                                                                                                                                                                                           
  password: my_password                                                                                                                                                                                                                                                       
  encoding: utf8                                                                                                                                                                                                                                                              
" > config/database.yml
tail -n 30 config/database.yml.example >> config/database.yml
apt-get install -y rubygems1.8
gem install rails -v=2.3.11
gem install rack -v=1.1.1
gem install mysql
gem install -v=0.4.2 i18n
chown -R www-data:www-data .
chmod -R 755 files log tmp
cp Rakefile tmpR
head -n 6 tmpR > Rakefile
echo "                                                                                                                                                                                                                                                                        
require 'rake/dsl_definition'                                                                                                                                                                                                                                                 
" >> Rakefile
tail -n 4 tmpR >> Rakefile
rm tmpR
rake generate_session_store
RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data
apt-get install -y libapache2-mod-passenger
echo '                                                                                                                                                                                                                                                                        
<VirtualHost *:80>                                                                                                                                                                                                                                                            
    ServerName $1                                                                                                                                                                                                                                                             

    DocumentRoot /var/www/redmine/public                                                                                                                                                                                                                                      

    PassengerDefaultUser www-data                                                                                                                                                                                                                                             
    RailsEnv production                                                                                                                                                                                                                                                       
    RailsBaseURI /redmine                                                                                                                                                                                                                                                     
    SetEnv X_DEBIAN_SITEID "default"                                                                                                                                                                                                                                          
    <Directory /var/www/redmine/public>                                                                                                                                                                                                                                       
        Order allow,deny                                                                                                                                                                                                                                                      
        Allow from all                                                                                                                                                                                                                                                        
    </Directory>                                                                                                                                                                                                                                                              
</VirtualHost>                                                                                                                                                                                                                                                                
' > /etc/apache2/sites-available/redmine
echo "                                                                                                                                                                                                                                                                        
Include /etc/apache2/mods-available/passenger.conf                                                                                                                                                                                                                            
" >> /etc/apache2/apache2.conf
ln -s /etc/apache2/sites-available/redmine /etc/apache2/sites-enabled/redmine
rm /etc/apache2/sites-enabled/000-default
gem install inifile
apt-get install -y libnet-ssh-ruby1.8 python-setuptools
gem install lockfile net-ssh
apt-get install -y gitosis git-daemon-run acl
/etc/init.d/apache2 restart

Activate acl for my partition, reboot, then:

#!/bin/bash
sudo -H -u gitosis ssh-keygen -t dsa
sudo -u gitosis cat /srv/gitosis/.ssh/id_dsa.pub | sudo -H -u gitosis gitosis-init
sudo sed -i.orig 's:/var/cache:/srv/gitosis:g' /etc/sv/git-daemon/run
setfacl -m user:www-data:r-x,mask:r-x /srv/gitosis/.ssh
setfacl -m user:www-data:r--,mask:r-- /srv/gitosis/.ssh/id_dsa
cd /var/www/redmine
script/plugin install git://github.com/xdissent/redmine_gitosis.git
sudo -u www-data X_DEBIAN_SITEID=default RAILS_ENV=production rake db:migrate:plugins
/etc/init.d/apache2 restart

[sebix]

Is your SSH-Key not password-secured? Otherwise, there should be a prompt, of course. How did you create your own SSH-Key?

[lorensr]

Thank you for your time!

openssl genrsa -des3 -out redmine-private.pem 2048
openssl rsa -in redmine-private.pem -pubout > redmine.pub

It is password-secured, but the prompt is:

$ git push origin master
gitosis@redmine's password: 
Permission denied, please try again.

and the password I used when creating the key does not work.

[y8]

Um, why you tying to connect using gitosis user? Are you sure that your installation uses it instead of git?

I mean git origin: gitosis@redmine:test.git

[lorensr]

I tried git@redmine:test.git and got the same results, but apt-get install gitosis sets up the user gitosis, which is why the sudo's in the last part of my bash record are as gitosis.

[y8]

I'm sure, this is not an redmine-gitosis issue, but you should start from looking into /var/logs/secure (or what debian uses for authentication logging), and see what happens. Don't forget to start sshd with debug-level logging.

[lorensr]

I stopped my sshd and started it with sudo /usr/sbin/sshd -ddd

Here is the output: https://gist.github.com/1154120

So it appears to be looking in /srv/gitosis/.ssh/authorized_keys. Should the redmine_gitosis plugin be placing the public keys uploaded by redmine users in that file?

[y8]

There something wrong with your installation. Can you paste /srv/gitosis/.ssh/authorized_keys. contents? There something wrong with key file:

debug2: key_type_from_name: unknown key type 'command="gitosis-serve'
debug3: key_read: missing keytype

[lorensr]

### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve gitosis@redmine",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA...[one long random string here]...= gitosis@redmine

[t2lt]

you may try to sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update

[lorensr]

Thanks - I tried sudo chmod 755 /srv/gitosis/repositories/gitosis-admin.git/hooks/post-update, but no change.

[lorensr]

Should I try reinstalling gitosis in a different manner from above? Or is there another issue page / mailing list I should try?

[y8]

Yes, I think you should try from scratch. First of all, befo setting redmine integration, make sure that gitosis itself work well.

[lorensr]

On the server:

git clone git://eagain.net/gitosis
cd gitosis
python setup.py install
sudo adduser     --system     --shell /bin/sh     --gecos 'git version control'     --group     --disabled-password     --home /srv/git git
sudo -H -u git ssh-keygen -t dsa
sudo -u git cat /srv/git/.ssh/id_dsa.pub | sudo -H -u git gitosis-init
sudo scp /srv/git/.ssh/id_dsa me@client:~/.ssh/git_pri

On the client:

$ git clone git@redmine:gitosis-admin.git
Cloning into gitosis-admin...
git@redmine's password: 
Permission denied, please try again.

How does git know to use ~/.ssh/git_pri? Could that be the problem? When I use a key with ssh I do ssh -i ~/.ssh/key.pem user@host.