当前位置: 首页 > news >正文

git ssh 已配置公钥,但仍然报错: Permission denied (publickey) - lay

背景

在Raspberry Pi 上通过 git clone ssh://xxx@<host_name>:29418/<REPOSITORY_NAME.git> 克隆 Gerrit 仓库时失败,报错 Permission denied (publickey);

但使用 git@ 格式(如 git clone git@<host_name>:<REPOSITORY_NAME.git>)可成功克隆。

另一台机器使用相同的 ssh:// 格式却能正常连接。

排查步骤

  • 验证 URL 格式

确认 ssh:// 格式的用户名(layton.ren)、端口(29418)、仓库路径正确,与 git@ 格式一致。

  • 测试 SSH 连接

通过 ssh -p 29418 xxx@<host_name> -v 查看调试日志,发现关键错误:send_pubkey_test: no mutual signature algorithm(客户端与服务器无共同支持的签名算法)。

pi@raspberrypi:~ $ ssh -p 29418 xxx@<host_name> -v
OpenSSH_9.2p1 Debian-2+deb12u5, OpenSSL 3.0.17 1 Jul 2025
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <host_name> [<host_name>] port 29418.
debug1: Connection established.
debug1: identity file /home/pi/.ssh/id_rsa type 0
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pi/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pi/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pi/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pi/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pi/.ssh/id_xmss type -1
debug1: identity file /home/pi/.ssh/id_xmss-cert type -1
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
debug1: Remote protocol version 2.0, remote software version GerritCodeReview_3.2.2 (APACHE-SSHD-2.4.0)
debug1: compat_banner: no match: GerritCodeReview_3.2.2 (APACHE-SSHD-2.4.0)
debug1: Authenticating to <host_name>:29418 as 'xxx'
debug1: load_hostkeys: fopen /home/pi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:wLrwyxq0wXunwomNExZCRLqJHt7HMCjIQKawgMTQUU0
debug1: load_hostkeys: fopen /home/pi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[<host_name>]:29418' is known and matches the ED25519 host key.
debug1: Found key in /home/pi/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/pi/.ssh/id_rsa RSA SHA256:p5FNVbVuIBEww6El0FBZXhSuJe4ku2oRqR1Wgl1duMg
debug1: Will attempt key: /home/pi/.ssh/id_ecdsa
debug1: Will attempt key: /home/pi/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/pi/.ssh/id_ed25519
debug1: Will attempt key: /home/pi/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/pi/.ssh/id_xmss
debug1: Will attempt key: /home/pi/.ssh/id_dsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/pi/.ssh/id_rsa RSA SHA256:p5FNVbVuIBEww6El0FBZXhSuJe4ku2oRqR1Wgl1duMg
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/pi/.ssh/id_ecdsa
debug1: Trying private key: /home/pi/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/pi/.ssh/id_ed25519
debug1: Trying private key: /home/pi/.ssh/id_ed25519_sk
debug1: Trying private key: /home/pi/.ssh/id_xmss
debug1: Trying private key: /home/pi/.ssh/id_dsa
debug1: No more authentication methods to try.
xxx@<host_name>: Permission denied (publickey).
pi@raspberrypi:~ $
  • 对比成功机器的日志

另一台机器(OpenSSH_7.6p1)使用 RSA 密钥时,服务器接受 ssh-rsa 算法(Server accepts key: pkalg ssh-rsa),而 Raspberry Pi 的新版 OpenSSH 默认禁用了 ssh-rsa,导致不兼容。

思路验证

验证强制使用 rsa 算法,测试 SSH 连接

ssh -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -p 29418 xxx@<host_name>

如果可以连接,则证明,新版 OpenSSH 默认禁用了 ssh-rsa,导致不兼容。

解决办法

- 方法一: 生成并使用其他密钥算法

例如,debug log中所提示的ecdsa、ecdsa_sk、ed25519、ed25519_sk、xmss。以ed25519为例

  • 生成 ED25519 密钥:
ssh-keygen -t ed25519 -C "your_email@example.com"
  • 将公钥(~/.ssh/id_ed25519.pub)添加到 Gerrit 账户的 SSH Public Keys 配置中。
  • 重新克隆仓库。

- 方法二:配置新版 OpenSSH 兼容 RSA 算法

若需保留 RSA 密钥,可在 ~/.ssh/config 中将配置 host 强制启用 ssh-rsa 算法:

Host <host_name>Port 29418PubkeyAcceptedAlgorithms +ssh-rsaHostKeyAlgorithms +ssh-rsa

或者可配置所有 host 均强制启用 ssh-rsa 算法:

Host *Port 29418PubkeyAcceptedAlgorithms +ssh-rsaHostKeyAlgorithms +ssh-rsa
http://www.hskmm.com/?act=detail&tid=37328

相关文章:

  • 2025 年最新外呼系统厂家最新推荐排行榜:深度解析技术实力、服务体系及行业适配方案解决方案 / 电话营销 / 智能 / 电销卡 / 平台搭建 / 电销卡 / 线路公司推荐
  • 加速智能体开发:从 Serverless 运行时到 Serverless AI 运行时
  • RFSOC学习记录(三)LMK04828时钟配置
  • 设计原则-教程
  • WTAPI框架/微信个人号开发协议
  • AE/PR插件-Beauty Box v6.0.2 专业视频人像磨皮美颜润肤插件
  • 循环神经网络RNN
  • 2025 年北京紧急 / 北京上门 / 北京防盗门 / 北京密码锁开锁公司推荐:北京锁王开锁有限公司 —— 安全锁具服务的可靠之选
  • 2025 年封口机厂家推荐:武汉吕工机械,以技术创新驱动包装行业新发展
  • ubuntu 20.04 安装 maven 3.8.1
  • 开发微信机器人/个微/WTAPI框架
  • 详细介绍:python-poppler - PDF文档处理Python绑定库
  • 火山引擎发布新产品用户研究Agent,并推出数据智能体评测体系
  • pycharm 2025.2.3 安装、授权、使用说明
  • 读书笔记:白话解读Oracle哈希分区
  • GIT DUBUG 变量设置
  • 九种类图归纳总结
  • git ssh 已配置公钥,但仍然无法连接成功 - lay
  • 阅读笔记-待选中
  • 2025年10月国内环保悬浮拼装地板生产厂家全景解析报告,基于专业测评的技术、性能及市场优势深度分析
  • 批量跑脚本后自定义消息内容发送至钉钉--自定义发送到钉钉的消息内容
  • 2025年10月国内北京黄金回收公司全景解析报告,基于专业测评的技术、性能及市场优势深度分析
  • 在IntelliJ IDEA中采用Git
  • 国产化Excel开发组件Spire.XLS教程:在Python中将Pandas DataFrame导出到Excel的详细教程
  • 2025 年化工塑料桶生产厂家最新推荐榜:聚焦企业专利技术、品质管控及知名客户合作案例的权威解析
  • 主流CI/CD工具选型指南:助力企业实现高效交付
  • 通过openwrt唤醒pc电脑
  • 图表控件Aspose.Diagram教程:在C#中将VSD转换为PDF
  • Gitee:中国开发者生态的数字化转型引擎
  • Windows 11 24H2 堆栈防护:从功能解析到实战配置