linux - 无法在 Windows 上克隆，但可以从 Gitlab 服务器在 Linux 上克隆

Question

我正在尝试通过 SSH 从远程 Gitlab 服务器克隆存储库。我正在使用 Gitlab CE 版本 9.3.9 755bb71 和 TortoiseGIT 版本 2.5.0 和 git (for windows) version 2.14.0

SSH key 已正确安装，因为我已经使用

测试了身份验证

ssh -vT git@192.168.100.100 -i /path/to/.ssh/key

我收到以下消息，表示使用上述 key 验证成功

OpenSSH_7.5p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.100.100 [192.168.100.100] port 22.
debug1: Connection established.
debug1: identity file /path/to/.ssh/key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /path/to/.ssh/key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 192.168.100.100:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fEztD+bNxKRs24poXJMlP0GBAP6Q1dZT80OhQAtDQJE
debug1: Host '192.168.100.100' is known and matches the ECDSA host key.
debug1: Found key in /path/to/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /path/to/.ssh/key
debug1: Server accepts key: pkalg ssh-rsa blen 535
Enter passphrase for key '/path/to/.ssh/key':
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.100.100 ([192.168.100.100]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
Welcome to GitLab, John Doe!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3476, received 3264 bytes, in 2.2 seconds
Bytes per second: sent 1574.0, received 1478.0
debug1: Exit status 0

当我在 Windows 上使用 TortoiseGit 克隆存储库时，我在客户端收到以下错误

Cloning into 'C:\path\folder'...
GitLab: Disallowed command
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

在 gitlab 服务器上，在 gitlab-shell.log 中我收到以下警告消息

WARN -- : gitlab-shell: Attempt to execute disallowed command <git upload-pack '/path/to/repo.git'> by user with key key-1.

但是，当我从另一台使用不同 SSH key 的 Linux 机器上尝试 git clone 时，它成功了，我在 gitlab 上的 gitlab-shell.log 中收到了以下信息消息服务器

INFO -- : gitlab-shell: executing git command <gitaly-upload-pack  {"repository":{"path":"/very/long/path/to/repo.git"},"gl_id":"key-2"}> for user with key key-2.

我花了 10 多个小时尝试调试所有内容，但我不确定有什么区别或问题到底出在哪里。我还尝试在我的本地 .gitconfig 文件中为 TortoiseGit 添加以下内容，但这并没有改变任何东西。

[remote "origin"]
  uploadpack = git-upload-pack

最后，通过 HTTPS 克隆相同的存储库工作正常，使用用户名/密码没有任何问题。

Answer 1

注意:我刚刚升级到适用于 Windows 的 Git 2.14.0... 并且所有 ssh url 都不起作用:

> git ls-remote
GitLab: Disallowed command
fatal: Could not read from remote repository.

(origin 是一个 ssh url)

另一个副作用:git-for-windows/git issue 1258

fatal: protocol error: bad line length character: Not

It looks as if BitBucket looks at argv[0] (typically git-upload-pack, with the regression git) to determine whether it is a permitted command.

So I think it is by design that git is rejected while git-upload-pack is not.

GitLab 上的同类错误:gitlab-ce issue 36028 .
pending merge request 在检测到 git xxx 命令时显式恢复 git-xxx。

参见 gitlab_shell.rb#parse_cmd(args)

  def parse_cmd(args)
    # Handle Git for Windows 2.14 using "git upload-pack" instead of git-upload-pack
    if args.length == 3 && args.first == 'git'
      @command = "git-#{args[1]}"
      args = [@command, args.last]
    else
      @command = args.first
    end

在 Git for Windows 方面，正在进行修复:see commit 0f33428

Revert "git_connect: prefer Git's builtins over dashed form"

It would appear that this change (which was intended to fix tests interacting with local repositories when git-upload-pack was not in the PATH) regresses on SSH access.

A Git for Windows 2.14.0(2) 正在开发中，并且在 30 分钟前(2017-08-07T11:05:34Z UTC)刚刚发布(UTC)。

---

原始答案

如果 key1 与您的 /path/to/.ssh/key 相同并且确实识别了 John Doe，那应该意味着 John Doe 没有访问权限 repo 协议(protocol)(as in here)。
检查 key2 是否与其他用户相关联。

如果两个键引用同一个用户，那么它更像是一个本地配置问题(如 this answer )。 还要检查您的 TortoiseGit 是否使用与您的测试相同的 key :

set "GIT_COMMAND_SSH=ssh -v"
# launch TortoiseGit from that CMD session

然后您将看到在使用 ssh url 克隆存储库时 TortoiseGit 使用的是什么。您可能需要 define an .ssh/config file .