使用 .ssh/authorized_keys 授权我的 git 服务器不起作用

Question

I setup a git server 2.30.2 on my NAS with debian bullseye.

User is git with home directory /media/nas/programming/git_repos/ and shell /bin/bash .

home directory and all of its subdirectories/files are owned by git:git .

home directory has 770 permissions and directory .ssh inside home directory has 700 permissions.

I create a private/public key with command ssh-keygen -t ed25519 -C mymail@gmail.com (or on second try ssh-keygen -t rsa -C mymail@gmail.com ).

Public key becomes /media/nas/programming/git_repos/.ssh/authorized_keys ( git:git ownership, 400 permissions) and private key becomes c:/Users/<username>/.ssh/id_ed25519 (or on second try c:/Users/<username>/.ssh/id_rsa ) on Windows PC.

On /etc/ssh/sshd_config I have a line AllowUsers root git...

Now, with Git GUI, I am trying to connect to remote (lets say fetch) with url url = git@10.0.0.2:my_project .

Initially it asks for password to decrypt id_ed25519 (or on second try id_rsa ).

Then it asks for password for git@10.0.0.2 which means Git server does not count at all the .ssh/authorized_keys .

What I am doing wrong here?

update ssh -Tv git@10.0.0.2 does not say so much:

 ....
 debug1: Authentications that can continue: publickey,password
 debug1: Next authentication method: publickey
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_rsa
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_dsa
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_ecdsa
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_ed25519
 debug1: read_passphrase: can't open /dev/tty: No such file or directory
 Enter passphrase for key 'C:\Users\chameleon/.ssh/id_ed25519':     <---- Here I give the password
 debug1: Authentications that can continue: publickey,password
 debug1: Trying private key: C:\\Users\\chameleon/.ssh/id_xmss
 debug1: Next authentication method: password
 debug1: read_passphrase: can't open /dev/tty: No such file or directory
 git@10.0.0.2's password:    <---- Here I give the password. After that, connection established.

Answer 1

Make sure you have the right permission on the remote side (NAS ~git): if anything if writable by "others", SSH will not consider the authorized_keys file.

Then test your connection with ssh -Tv git@10.0.0.2 and confirm your c:/Users/<username>/.ssh/id_ed25519 is considered and proposed.
If it is, consider launching an sshd in debug mode on your NAS to see if any error message pops up during your ssh -Tv test command.

Answer 2

Answer to my question:

Fast: Change permissions of git home folder from 770 to 750 .

Bloated:

As @VonC says above, I start a new sshd instance in port 12345 with debug 3 mode:

sshd -p 12345 -ddd

Then I replace my remote repository link inside MyProjectFolder/.git/config , from:

[remote "MyNAS"]
        url = ssh://git@10.0.0.2:my_project

to

[remote "MyNAS"]
        url = ssh://git@10.0.0.2:12345/~/my_project

and I try a fetch .

sshd instance respond that git home folder does not have properly ownership and/or permissions.

I change git home folder from 770 to 750 and now it works.

PS: group writing set, because I user belong to git group and I was feeling that write access to git repo is a handy permission. Never mind. It is not so useful.