Gitlab asks for git user password when pushing a repo.

[arnaudchenyensu]

When I push a repo, Gitlab asks me the password for the git user:
git@gitlab.mydomain.com's password:

When I try:

> ssh -Tvvv git@ns24652.ip-91-121-24.eu
...
debug1: Found key in /Users/arnaud/.ssh/known_hosts:18
debug2: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/arnaud/.ssh/id_rsa (0x7fbf42500380),
debug2: key: /Users/arnaud/.ssh/id_dsa (0x7fbf42500220),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/arnaud/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /Users/arnaud/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git@gitlab.mydomain.com's password:

I tried the solution at issue #26 and other solutions on internet but nothing worked.

[sameersbn]

@arnaudchenyensu have you added you ssh public key to the gitlab profile?

[arnaudchenyensu]

Yes. I decided to give up Gitlab, I wasted too much time. BTW your docker-redmine works like a charm.

[sameersbn]

@arnaudchenyensu i am sorry to hear that. Due to my travel i was not able to respond to your query quickly.

In case you decide to try out gitlab in the future, please note the following:
You cannot ssh to the gitlab server as git user, that is not allowed even if you have added your your ssh key via gitlab. You can only push/pull as the git user. You can login as the root user if need be.

If you are using docker-0.9.0, then please consider upgrading to 0.9.1 as there is some issue in docker-0.9.0 due to which ssh interactive login does not work.

Lastly, you can only push to the git server after you have added your ssh public key to your account and have write access to the repo you are trying to push to.

[jirikolarik]

I have the same issue using docker 0.10.0 build dc9c28f. I have added my public key and this key is in authorized_keys file)

[sameersbn]

@jirikolarik
just a note:

• the public key should be added from the gitlab interface, you should not directly edit the authorized_keys file. you can check the authorized_keys file if your key is listed
• you should be a member of the project to push commits to.

edit:

• please make sure you are actually connecting to the gitlab server. try an ssh login as root using the instructions on the README. Check if that works.

If the above two items do not concern you then please try starting the image with the -h option set to whatever you have set your GITLAB_HOST parameter to. For example, if you have set the GITLAB_HOST option to gitlab.local.host, then add -h gitlab.local.host option to the gitlab run command.

Let me know if it works.

[jirikolarik]

@sameersbn thanks for you time.

I added key via gitlab interface, I just checked if is stored in file and it is. And I'm member and owner of this group. It's working fine on gitlab.com. I have GITLAB_HOST set, but without port, that may invoke this problem.

I'll try to log in as root as soon as possible. Thanks again.

[sameersbn]

@jirikolarik I have a feeling that when you are trying to push/pull the connection is not being made to the gitlab container and maybe it is being done to the host. You can try push or pull by replacing the GITLAB_HOST part of the git repo url with the ip address of the container.

Please check issue #38 if that is the case.

[jirikolarik]

@sameersbn you are absolutely right, I was connecting to Docker host. Now its working fine on localhost, but I cannot make it work on remote host. When I clone/push repository, it raise this error:

jiris-imac:connect jirikolarik$ git push -u origin master
 /usr/lib/ruby/2.0.0/net/http.rb:878:in `initialize': Connection timed out - connect(2) (Errno::ETIMEDOUT)
    from /usr/lib/ruby/2.0.0/net/http.rb:878:in `open'
    from /usr/lib/ruby/2.0.0/net/http.rb:878:in `block in connect'
    from /usr/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
    from /usr/lib/ruby/2.0.0/net/http.rb:877:in `connect'
    from /usr/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
    from /usr/lib/ruby/2.0.0/net/http.rb:851:in `start'
    from /home/git/gitlab-shell/lib/gitlab_net.rb:75:in `get'
    from /home/git/gitlab-shell/lib/gitlab_net.rb:30:in `allowed?'
    from /home/git/gitlab-shell/lib/gitlab_shell.rb:59:in `validate_access'
    from /home/git/gitlab-shell/lib/gitlab_shell.rb:23:in `exec'
    from /home/git/gitlab-shell/bin/gitlab-shell:16:in `<main>'
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

And this is command to create Docker container.

docker run --name=gitlab -d --link postgresql:postgresql \
  -e "DB_USER=gitlab" -e "DB_PASS=pass" \
  -e "DB_NAME=gitlabhq_production" \
  -e "GITLAB_HOST=IP_OF_REMOTE_SERVER" -e "GITLAB_PORT=49200" -e "GITLAB_SHELL_SSH_PORT=49222" \
  -v /opt/gitlab/data:/home/git/data \
  -p 49200:80 \
  -p 49222:22 \
  sameersbn/gitlab:latest 

I'm running on latest build

[sameersbn]

@jirikolarik can you try to clone from the docker host machine with the same command you are using on the remote machine?

[jirikolarik]

@sameersbn it doesn't work even on local machine. I give up..

[sameersbn]

I think the main issue is that you are setting an IP address for the GITLAB_HOST. I imagine that could be the root cause of all your problems. Can you setup a DNS entry for the IP. Also consider changing using the default ssh and http ports..

[jirikolarik]

The result is the same with IP or with domain. I didn't figure out, how can I use default ssh port, when the same port is used by Docker host.

[jirikolarik]

@sameersbn problem solved, I need to have IP of container in gitlab-shell/config.yml

[sameersbn]

@jirikolarik actually that value used to be hard coded to localhost. but as suggested in #26 i changed that to GITLAB_HOST. I should have left it as localhost. I am going to revert that commit and push the changes.

[sameersbn]

@jirikolarik i found that reverting the change does not fix this issue. I have left it as is.
To use the standard ssh port for the container, simple change the Port the hosts ssh server is configured to listen on in /etc/ssh/sshd_config. So only when you want to login to the host you would need to specify the ssh port number using the -p option on the ssh command. This is better than running gitlab's ssh server on a port other than port 22 for two reasons:

• you have nice clean git urls
• in the future if you decide to use port 22 you will not have to ask all your users to update the git urls on their repos.

For port 80, this can be achieved using haproxy, but this requires that you have configured domain names to point to your server.

[jirikolarik]

I'm using another solution, when you add port of containers ssh into ~/.ssh/config and run container without specifying GITLAB_SHELL_PORT, only with port -p 2222:22, there will be clean git urls too.

Host GITLAB_HOST
Port 2222

I'm not familiar with haproxy yet, so currently dockerized nginx serve Gitlab on port 80.

It works like a charm, thanks for your awesome work! :)

[sameersbn]

@jirikolarik I get it. Problem is instructing all users to perform this configuration could become a headache. I am fine as long as it works for you.

[raphaelfan]

Hi, I tried using standard ssh port for the container, but it is still prompting for the git password when pushing to the repo.

This is the command to start the gitlab container:

docker run --name='gitlab' -d -h "$DOCKER_HOST" \
  -v /srv/gitlab:/home/git/data \
  --link mysql:mysql \
  --link redis:redisio \
  -p 22:22 -p 80:80 \
  -e "GITLAB_PORT=80"  \
  -e "GITLAB_HOST=$DOCKER_HOST" \
  sameersbn/gitlab:7.0.0

I was able to ssh to the container as root.
I was also able to see the uploaded key file in $DOCKER_HOST/srv/gitlab/.ssh/authorized_keys.
Please help, thanks.

[raphaelfan]

Never mind, chmod 755 /srv/gitlab fixes the problem.

[sameersbn]

@raphaelfan thanks for the info. I will update the init script to chmod the directory at startup.

[oopTiger]

Hello,

I installed gitlab and everything is working fine, when i try to do the following
ssh git@domain.com

I get the following error

PTY allocation request failed on channel 0
Welcome to GitLab, Jhon!
Connection to domain.com closed.

I read the above comment

You cannot ssh to the gitlab server as git user, that is not allowed even if you have added your your ssh key via gitlab. You can only push/pull as the git user. You can login as the root user if need be.

Is this true for all cases. I installed gitlab on centos 6.5. I just want to make sure that we cannot enable interactive services for a git user on gitlab and the result i got was the one that should be expected.

Thanks!!

[sameersbn]

@oopTiger this is true for all cases. I think it is not even possible to make git over ssh work without disabling login access to the git user, this is because the ssh server is configured to launch the gitlab-shell when a ssh login occurs.

[mbannert]

@sameersbn You cannot ssh to the gitlab server as git user thanks for stating this!! I wasted a lot of time cause I tried to clone using the git user. Pull / push seems to work. Gitlab seems really nice to me know.

[sameersbn]

@mbannert please note, using this image you should be able to clone git repos via HTTP as well as SSH.

[18601673727]

Is this issue got solved? I met this issue when i do:

git clone git@git.mydomain.com:myaccount/xxx.git
Cloning into 'xxx'...
git@git.mydomain.com's password:
Permission denied, please try again.  # I don't know this password, so pressed "enter"

I used omnibus version of Gitlab before and SSH is fine without password required.

So, there is a load balancer in front of docker-gitlab and docker-compose.yml configured like this:

  ports:
    - "10080:80"
    - "10022:22"
  environment:
    - GITLAB_HOST=git.mydomain.com
    - GITLAB_PORT=443
    - GITLAB_SSH_PORT=22
    - GITLAB_HTTPS=true
    - SSL_SELF_SIGNED=false # Using Letsencrypt

By the way Web UI is fine and public key added with it, git clone via HTTPS way is working.

Any help would be appreciate. 😄

[bfdill]

I am in the exact same boat as @18601673727. Any pointers?

[sameersbn]

@bfdill can you create a new issue with details such as the sample docker-compose.yml file, docker version, host os in use, whether boot2docker, etc is in use?

[sameersbn]

@18601673727 Sorry for the late response.

I noticed that you have published 10022:22 while you have GITLAB_SSH_PORT=22. As a result the clone url may be wrong. To me it appears that the git clone is connecting to the host ssh server, not the containers. You need to set GITLAB_SSH_PORT=10022 and then use the new clone url which will look something like this ssh://git@git.mydomain.com:10022/my-account/xxx.git.

If you want to have clone urls like git@git.mydomain.com:myaccount/xxx.git, you will first need to configure the host SSH daemon to listen on another port. In the docker-compose.yml change 10022:22 to 22:22 and set GITLAB_SSH_PORT=22

[18601673727]

@sameersbn You're solution perfectly solved this issue, thanks!

[elyman]

I had the same problem, I spent a lot of time searching! I had the idea to use Eclipse to import the project from GitLab. Once the project is imported correctly. I made the comparison between the configuration of : project's Git ripository that I imported into Eclispe, ("in Eclipse", Git Repository, in myprojectRepo / Working Directory / .git / config) and one that is made in .git / config, there i wanted to push my project with git: git push ... and asked me for a password. Surpise: The remote does not have the same in both cases. I handed the same as that in eclipse and everything works.