Debian10 gogs 導致SSH 登錄失敗的解決的原因

Debian9 gogs 導致SSH 登錄失敗的解決的原因

1, 前言

---

裝了gogs, 配好了SSH, 我是裝在root用戶下的.
然後在客戶端用root直接 ssh 登錄, 同時客戶端還有用戶tester
在tester 用戶下獲取到 id_rsa.pub (cat /home/tester/.ssh./id_rsa.pub) 後, 在gogs 裏面加入 SSH key. 然後執行
ssh -T [email protected]
提示

Hi there, You've successfully authenticated, but Gogs does not provide shell access.
If this is unexpected, please log in with password and setup Gogs under another user.

說明gogs的 SSH 驗證通過, 這樣就可以拉代碼了.

2, 問題

---

把客戶端 root 的公鑰也加入到 gogs 的SSH key, 執行
ssh -T [email protected]
提示

Linux xxx 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64
Welcome to xxx !

在客戶端root下拉取倉庫代碼, 提示路徑不對

Cloning into 'test_project'...
fatal: '/test_git/test_project.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

實際在tester 用戶下是可以拉取的. 但是root客戶端拉取不了, 刪除 服務器上的 ~/.ssh/authorized_keys 裏面的ssh-rsa 的客戶端root 公鑰, 然後重新拉取, 可以拉取成功. 但是 root 客戶端就不能登錄 服務器了.
權限衝突了.

3, 解決辦法

---

使用單獨的用戶來拉取代碼, 不要和登錄服務器的用戶共用.
如果出現登錄問題, 需要把 客戶端的公鑰重新傳上去,並且刪除掉gogs的生成的key.

4, 重新用git 賬戶對gogs進行安裝編譯後, 成功了

---

注意, gogs在啓動後會在gogs 目錄下生成data 目錄,然後進行session的管理, 這裏, 需要有對應的權限, 如果是supervisor來管理的gogs, 那麼需要提前指定用戶和目錄, 以及環境變量, 再運行. 順序要固定, command在最後執行. 見如下的supervisor gogs配置

[program:gogs]
user=git
environment = HOME ="/home/git", USER="git"
directory=/home/git/gogs
command=/home/git/gogs/gogs web
autostart=true
autorestart=true
startsecs=10
stdout_logfile=/var/log/gogs/stdout.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stdout_capture_maxbytes=1MB
stderr_logfile=/var/log/gogs/stderr.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10
stderr_capture_maxbytes=1MB

gogs的nginx 反代, 注意需要和nginx的user保持一個. 見如下nginx配置

user git
upstream gogs {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name git.xxxxx.com git.xxxxx.org git.xxxx2.com;
    charset utf-8;

    location / {
        proxy_pass   http://gogs;

        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
    access_log /var/log/nginx/gogs.access.log access;
}

gogs的custom/conf/app.ini 自定義配置如下, 我的數據庫和ssh端口都改變了的.

APP_NAME = Gogs
RUN_USER = git
RUN_MODE = prod

[database]
DB_TYPE  = mysql
HOST     = 127.0.0.1:28888
NAME     = gogs
USER     = root
PASSWD   = 123456
SSL_MODE = disable
PATH     = data/gogs.db

[repository]
ROOT = /home/git/gogs_repo

[server]
DOMAIN           = git.xxxx1.org
HTTP_ADDR        = 0.0.0.0
HTTP_PORT        = 3000
LOCAL_ROOT_URL   = http://0.0.0.0:3000/
ROOT_URL         = http://git.xxxx1.org/
DISABLE_SSH      = false
SSH_PORT         = 28889
START_SSH_SERVER = false
OFFLINE_MODE     = false
LANDING_PAGE     = HOME

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL     = false
DISABLE_REGISTRATION   = true
ENABLE_CAPTCHA         = true
REQUIRE_SIGNIN_VIEW    = true

[picture]
DISABLE_GRAVATAR        = false
ENABLE_FEDERATED_AVATAR = false

[session]
PROVIDER = file

[log]
MODE      = file
LEVEL     = Info
ROOT_PATH = /home/git/gogs_log

[security]
INSTALL_LOCK = true
SECRET_KEY   = 5MQTTDqWD6b6MZz