Read / Write deploy key not working #1626

Closed
opened 2025-11-02 04:07:23 -06:00 by GiteaMirror · 11 comments

Originally created by @abueschel on GitHub (Mar 14, 2018).

  • Gitea version (or commit ref): a2a49c9 (from Docker image gitea/gitea)
  • Git version: 2.15.0
  • Operating system: Official docker image running on CentOS 7
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

```
Mar 14 16:58:20 syslogd started: BusyBox v1.27.2
/etc/ssh/sshd_config line 32: Deprecated option UsePrivilegeSeparation
Mar 14 15:58:20 sshd[15]: Server listening on :: port 22.
Mar 14 15:58:20 sshd[15]: Server listening on 0.0.0.0 port 22.
2018/03/14 16:58:20 [T] AppPath: /app/gitea/gitea
2018/03/14 16:58:20 [T] AppWorkPath: /app/gitea
2018/03/14 16:58:20 [T] Custom path: /data/gitea
2018/03/14 16:58:20 [T] Log path: /data/gitea/log
2018/03/14 16:58:20 Serving [::]:3000 with pid 14
[...]
Mar 14 15:59:15 sshd[56]: rexec line 32: Deprecated option UsePrivilegeSeparation
Mar 14 15:59:15 sshd[56]: Accepted publickey for git from 172.19.0.1 port 34068 ssh2: RSA SHA256:[...]
Mar 14 15:59:15 sshd[58]: Received disconnect from 172.19.0.1 port 34068:11: disconnected by user
Mar 14 15:59:15 sshd[58]: Disconnected from user git 172.19.0.1 port 34068
```

Description

If I add a deploy key to one of my repositories without enabling "Allow write access" I can clone/pull. If I add the exact same key to the repo with Read / Write access, I get an error:

```
git clone ssh://git@git.xxx.de:2222/user/repo.git
Cloning into 'repo'...
Gitea: Key access denied
Deploy key access denied: [key_id: 2, repo_id: 10]
fatal: Could not read from remote repository.
```

I also could reproduce the issue with the newest 1.4 Docker image.

I hope this is all the relevant information but I can provide more if needed.
GiteaMirror added the issue/stale and type/bug labels 2025-11-02 04:07:23 -06:00

@techknowlogick commented on GitHub (Mar 17, 2018):

In the admin panel have you tried running the `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys).` operation?


@abueschel commented on GitHub (Mar 19, 2018):

Yes I tried that with no success. I also updated the Image to c28bf94 and ran it again today, the error still persists.


@manuelmohr commented on GitHub (Mar 27, 2018):

I have the exact same problem. Rewriting authorized_keys did not help either.


@sphrak commented on GitHub (Jun 30, 2018):

Can confirm this issue still persists on `1.4.3`. To clarify, what breaks is the write mode -- not read mode, that works. Rewriting the `authorized_keys` does not change anything; it still doesn't work.


@MarAvFe commented on GitHub (Sep 9, 2018):

I had the same issue yesterday. I was running gitlab and migrated all repos to gitea. After all the config, ssh keys wouldn't work. Rewriting the ssh file wouldn't work. But I had to add a new config to `workingDirectory/custom/conf/app.ini`:

```ini
; https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample#L153
[server]
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
SSH_ROOT_PATH = /var/opt/gitlab/.ssh
```

Of course, the value is dependent on your server config. After that, I added the key to my user, and it didn't work.

But I tried the `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys).` operation and it worked.

This is on Gitea v1.5.1


@westhom commented on GitHub (Nov 16, 2018):

Also ran into the issue on 1.5.3. I added a read-only deploy key but I got the error when cloning:

```
Gitea: Invalid key ID
Invalid key ID[key-6]: public key does not exist [id: 6]
```

Running the rewrite authorized_keys command from the dashboard fixed the issue.


@pew commented on GitHub (Nov 20, 2018):

I have this issue as well with gitea 1.5.3, setting the `SSH_ROOT_PATH` and rewriting the keys didn't work.

```
Gitea: Key access denied
Deploy key access denied: [key_id: 16, repo_id: 56]
fatal: Could not read from remote repository.
```

However, when giving the deploy key also write access it works. Which is something I don't want though.


@lunny commented on GitHub (Jan 9, 2019):

I think this should be a design error on public_key table. We have to keep Fingerprint unique so that there is no duplicated public key on the authorized_keys file.
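
A check for the condition this comment describes, the same public key listed more than once in `authorized_keys`; this is an added example, not Gitea's code. The `serv key-N` line layout and the config path are assumptions, and the key blobs and file content are constructed.

```python
import base64
import hashlib
import re
from collections import defaultdict

# Constructed blobs, not real keys: a fingerprint is just a hash of the decoded blob.
BLOB_A = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-A").decode()
BLOB_B = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key-B").decode()

# Assumed line layout; the binary path is from the issue's log, the config path is assumed.
OPTS = ('command="/app/gitea/gitea serv key-{} --config=\'/data/gitea/conf/app.ini\'",'
        "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty")

# Constructed authorized_keys content: key-2 and key-7 carry the same public key.
SAMPLE = "\n".join([
    "# gitea public key",
    f"{OPTS.format(2)} ssh-rsa {BLOB_A} deploy-readonly",
    "# gitea public key",
    f"{OPTS.format(5)} ssh-rsa {BLOB_B} someone-else",
    "# gitea public key",
    f"{OPTS.format(7)} ssh-rsa {BLOB_A} deploy-readwrite",
])

KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})(?:\s|$)")
ID_RE = re.compile(r"\bserv key-(\d+)\b")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form sshd logs it (base64, padding stripped)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_keys(text):
    """Map fingerprint -> key IDs (file order) for keys listed more than once."""
    by_fp = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, key_id = KEY_RE.search(line), ID_RE.search(line)
        if not (key and key_id):
            continue  # not a Gitea-managed entry
        try:
            by_fp[fingerprint(key.group(2))].append(int(key_id.group(1)))
        except ValueError:
            continue  # malformed base64 blob
    return {fp: ids for fp, ids in by_fp.items() if len(ids) > 1}

if __name__ == "__main__":
    # sshd uses the first line that matches the offered key, so only the
    # first ID in each list is ever passed to `gitea serv`.
    for fp, ids in shared_keys(SAMPLE).items():
        print(f"{fp} appears as key IDs {ids}; sshd will run the command for key-{ids[0]}")
```

The fingerprint it prints has the same `SHA256:` form as the `Accepted publickey` line in the sshd log, so a reported key can be matched against a login attempt.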


@lunny commented on GitHub (Jan 9, 2019):

I will try to send a PR to fix that and migrate old data to new struct.


@stale[bot] commented on GitHub (Mar 10, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.


@zeripath commented on GitHub (Mar 10, 2019):

Fixed by #5939

Reference: github-starred/gitea#1626