Topic: SSH instead of Access Tokens

KPandaK pro asked 6 years ago


I'm using a public repo for my code ... as such I need to be careful about exposing access tokens, private keys, etc. to the public. If I use the default method for adding the mdb pro package via npm (through git), my access token will be embedded in the package.json file... which I don't want.

I've tried setting up SSH keys to get access and haven't been able to get that to work. Is it possible to use SSH keys to access the gitlab repo? If so, any thoughts on what I might be doing wrong? I've attached a dump of: ssh -vt git@git.mdbootstrap.com

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug1: Connecting to git.mdbootstrap.com [37.187.244.81] port 22.
debug1: Connection established.
debug1: identity file /Users/USERNAME/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/USERNAME/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to git.mdbootstrap.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3pAADZ17HHFb+tmEa2KWf/Pi8sV+8WYpPoFv8gaeR6E
debug1: Host 'git.mdbootstrap.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/USERNAME/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/USERNAME/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /Users/USERNAME/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/USERNAME/.ssh/id_dsa
debug1: Trying private key: /Users/USERNAME/.ssh/id_ecdsa
debug1: Trying private key: /Users/USERNAME/.ssh/id_ed25519
debug1: Next authentication method: password
git@git.mdbootstrap.com's password:


KPandaK pro commented 6 years ago

Just as a note, I've added the public key to my gitlab profile. I've also added the private key to my agent locally using ssh-add.

KPandaK pro answered 6 years ago


I'm still having issues... I've been digging into it a bit more and I think the issue is with permissions on the server.

I've run tests against other repos (GitHub, a different GitLab repo) with the same key and it seems to be working fine. So I'm fairly sure the issue isn't with the key or with the way I'm testing validation (ssh -vvvt git@git.mdbootstrap.com)

 

It sounds (from the internet) like there could be a couple different things to look at:

  • Can someone look at the authorized_keys file to see if my public key was added?
  • Can someone look at the auth.log to see if there are errors from my attempts to connect? (most recent attempt was at 12:21pm MST on Mar 23, 2018)
  • https://forum.gitlab.com/t/authorizing-with-ssh-key-against-gitlab/11411/2
  • https://superuser.com/questions/1137438/ssh-key-authentication-fails

 

Here's a dump of the test connect attempt:

debug3: load_hostkeys: loaded 1 keys from 37.187.244.81
debug1: Host 'git.mdbootstrap.com' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/USERNAME/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /c/Users/USERNAME/.ssh/id_rsa_mdbootstrap (0x600071e30), agent                <============= key is properly registered with ssh-agent
debug2: key: /c/Users/USERNAME/.ssh/id_rsa (0x0)
debug2: key: /c/Users/USERNAME/.ssh/id_dsa (0x0)
debug2: key: /c/Users/USERNAME/.ssh/id_ecdsa (0x0)
debug2: key: /c/Users/USERNAME/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:eM7vEpPlovnBxiycTk+lrmr5XprG+T0rZItmtWJ8CYA /c/Users/USERNAME/.ssh/id_rsa_mdbootstrap                         <========= sending public key
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /c/Users/USERNAME/.ssh/id_rsa
debug3: no such identity: /c/Users/USERNAME/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /c/Users/USERNAME/.ssh/id_dsa
debug3: no such identity: /c/Users/USERNAME/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /c/Users/USERNAME/.ssh/id_ecdsa
debug3: no such identity: /c/Users/USERNAME/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /c/Users/USERNAME/.ssh/id_ed25519
debug3: no such identity: /c/Users/USERNAME/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method                                                                                  <====================================== Something went wrong
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git@git.mdbootstrap.com's password:


sourabha22 pro commented 6 years ago

KPandaK: Were you able to resolve this? I too am facing the same issue when even attempting to clone via ssh/add as a dependency in package.json

KPandaK pro commented 6 years ago

Hey @sourabha22 I was not able to get SSH working. As near as I can tell, something is wrong with the permissions on the gitlab server for users... most likely on the authorized_keys folder. However, I was able to work around the issue by using http instead. If you use regular http with no user/pass in your package.json, git will attempt to authenticate - you can then enter your credentials and it will download the package. If you're on Mac, you might need to set up your own password manager with git (I ran the command manually to connect to gitlab in Terminal, and then entered my credentials... after that npm would download the package correctly).

"ng-mdb-pro": "git+https://git.mdbootstrap.com/mdb/angular/ng-pro.git"
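Added example, not part of the thread or of MDB's tooling: a Node.js check that flags dependency URLs in a package.json carrying embedded credentials and prints the credential-free form, suitable for a pre-commit hook on a public repo. The sample manifest is constructed, and the `oauth2:EXAMPLE_TOKEN@` userinfo form is an assumption about how a token ends up in the URL.

```javascript
// Added example (not from the thread): flag credentials embedded in
// package.json git dependency URLs and produce credential-free replacements.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Returns { clean } when the spec carries userinfo that looks like a secret, else null.
function inspectSpec(spec) {
  // npm accepts a "git+" prefix; strip it so the standard URL parser applies.
  const prefix = spec.startsWith('git+') ? 'git+' : '';
  let url;
  try {
    url = new URL(spec.slice(prefix.length));
  } catch {
    return null; // semver ranges, scp-style git@host:path, local paths
  }
  const isHttp = url.protocol === 'http:' || url.protocol === 'https:';
  // Over HTTP(S) a bare username is often the token itself; over SSH the
  // conventional "git" username is not a secret, so only a password counts.
  const leaks = url.password !== '' || (isHttp && url.username !== '');
  if (!leaks) return null;
  url.username = '';
  url.password = '';
  return { clean: prefix + url.href };
}

// Walks every dependency field and reports offending entries without echoing the secret.
function scanManifest(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const hit = typeof spec === 'string' ? inspectSpec(spec) : null;
      if (hit) findings.push({ field, name, clean: hit.clean });
    }
  }
  return findings;
}

// Constructed sample manifest; EXAMPLE_TOKEN is a placeholder, not a real token.
const sample = {
  dependencies: {
    'ng-mdb-pro': 'git+https://oauth2:EXAMPLE_TOKEN@git.mdbootstrap.com/mdb/angular/ng-pro.git',
    'other': 'git+ssh://git@git.example.com/team/lib.git',
    'lodash': '^4.17.21',
  },
};

for (const f of scanManifest(sample)) {
  console.log(`${f.field}.${f.name}: embedded credential; use ${f.clean}`);
}
```

With the credential-free URL committed, git asks for credentials at install time, or takes them from a credential helper, rather than reading them from the repository.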

Damian Gemza staff answered 6 years ago


KPandaK, GitLab allows you to use custom keys. You have to find more information about this problem on the Internet. We didn't use SSH to get access to our repo, but we know from our users that it's possible to do. Best Regards, Damian

KPandaK pro commented 6 years ago

Thanks Damian, I'll dig around and see if I can figure out what I'm doing wrong.

sourabha22 pro commented 6 years ago

Hello Damian, can you please suggest what is the ideal way to add mdbreact as a dependency within package.json? In the free version we used to add "mdbreact":"git_repo_url". However, with the pro version, I want to add the pro git repo url (which is a private repo with access control). Any help is highly appreciated.



Status

Answered

Specification of the issue

  • ForumUser: Pro
  • Premium support: No
  • Technology: MDB Angular
  • MDB Version: -
  • Device: -
  • Browser: -
  • OS: -
  • Provided sample code: No
  • Provided link: No