git获取代码失败,没有权限


一个正常权限校验的流程包括

  1. public key被正确的上传到git平台
  2. 本地的public key和private key能够正常映射
  3. git在传输的时候能够用到这两个key,对数据进行加密
  4. 客户端使用的git账号有权限获取这个代码

根据上面的流程,当遇到Permission denied (keyboard-interactive,publickey).这个错误的时候,我们可以按照以下步骤排查

  1. 检查git 平台的public key是否和本地的public key一致
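  2. public key和private key是否匹配,这里有一段go代码,可以测试。原理就是用public key加密的数据,用private key解密,能解出原文就说明两者匹配。注意:这段代码只适用于RSA密钥,并且private key必须是PKCS#1格式的PEM(以"BEGIN RSA PRIVATE KEY"开头);private key只应在本机上读取,不要粘贴或上传到其他地方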

    参考:https://earthly.dev/blog/encrypting-data-with-ssh-keys-and-golang/
package main

import (
	"bufio"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"os"
	"strings"

	"golang.org/x/crypto/ssh"
)

// marshalRSAPrivate renders priv as a PEM document of type "RSA PRIVATE KEY"
// whose payload is the PKCS #1 DER encoding of the key.
//
// The returned string is unencrypted private key material, so callers should
// treat it as a secret.
func marshalRSAPrivate(priv *rsa.PrivateKey) string {
	der := x509.MarshalPKCS1PrivateKey(priv)
	pemBlock := pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: der,
	}
	encoded := pem.EncodeToMemory(&pemBlock)
	return string(encoded)
}

// generateKey creates a fresh 2048-bit RSA key pair using crypto/rand.
//
// It returns, in order, the public key formatted as an authorized_keys line
// (via ssh.MarshalAuthorizedKey) and the private key as a PKCS #1 PEM string
// (via marshalRSAPrivate). On failure both strings are empty and the error
// from key generation or from ssh.NewPublicKey is returned unchanged.
func generateKey() (string, string, error) {
	const rsaBits = 2048

	priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return "", "", err
	}

	sshPub, err := ssh.NewPublicKey(priv.Public())
	if err != nil {
		return "", "", err
	}

	authorizedLine := ssh.MarshalAuthorizedKey(sshPub)
	return string(authorizedLine), marshalRSAPrivate(priv), nil
}

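// encrypt encrypts msg with RSA-OAEP (SHA-256, no label) under the RSA public
// key contained in publicKey and returns the ciphertext as standard base64.
//
// publicKey must be a single line in authorized_keys format. Only RSA keys are
// supported: any other key type (for example ed25519 or ECDSA) is reported as
// an error instead of panicking on a failed type assertion.
func encrypt(msg, publicKey string) (string, error) {
	parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
	if err != nil {
		return "", err
	}

	// ssh.PublicKey does not expose the underlying key directly; the
	// ssh.CryptoPublicKey interface does. Use the comma-ok form because the
	// key text comes from outside the program.
	cryptoKey, ok := parsed.(ssh.CryptoPublicKey)
	if !ok {
		return "", fmt.Errorf("key type %q does not expose a crypto.PublicKey", parsed.Type())
	}

	// RSA-OAEP needs an *rsa.PublicKey; reject every other algorithm.
	pub, ok := cryptoKey.CryptoPublicKey().(*rsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("key type %q is not RSA; this check only supports RSA keys", parsed.Type())
	}

	encryptedBytes, err := rsa.EncryptOAEP(
		sha256.New(),
		rand.Reader,
		pub,
		[]byte(msg),
		nil)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(encryptedBytes), nil
}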

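// decrypt reverses encrypt: data is standard-base64 RSA-OAEP ciphertext
// (SHA-256, no label) and priv is a PEM document holding a PKCS #1 RSA
// private key. It returns the recovered plaintext.
//
// An error is returned when data is not valid base64, when priv contains no
// PEM block, when the block is not a PKCS #1 RSA key, or when decryption
// fails (which is what happens if the private key does not match the public
// key used to encrypt).
func decrypt(data, priv string) (string, error) {
	data2, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return "", err
	}

	// pem.Decode returns a nil block when no PEM data is found; dereferencing
	// it would crash the program on malformed input.
	block, _ := pem.Decode([]byte(priv))
	if block == nil {
		return "", fmt.Errorf("private key is not PEM encoded")
	}

	// Only PKCS #1 ("RSA PRIVATE KEY") is understood here. Other containers,
	// such as "OPENSSH PRIVATE KEY", are rejected by the parser; the block
	// type is included in the error to make that case easy to spot.
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return "", fmt.Errorf("parsing %q PEM block as PKCS #1 RSA key: %w", block.Type, err)
	}

	decrypted, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, data2, nil)
	if err != nil {
		return "", err
	}
	return string(decrypted), nil
}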

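// main checks whether an RSA public key and an RSA private key belong
// together: it encrypts a fixed probe string with the public key, decrypts it
// with the private key and prints the result.
//
// Both keys are read from files whose paths are entered on stdin. Reading a
// single whitespace-delimited token with Scanf cannot work here: an
// authorized_keys line contains spaces and a PEM private key spans several
// lines. Taking paths also keeps private key material out of the terminal
// scrollback.
func main() {
	// generateKey() can be used to produce a throwaway pair when trying this
	// program out; never print a real private key.

	stdin := bufio.NewReader(os.Stdin)

	// readKeyFile prompts for a path, reads one line and returns the contents
	// of the file at that path.
	readKeyFile := func(prompt string) (string, error) {
		fmt.Print(prompt)
		line, err := stdin.ReadString('\n')
		path := strings.TrimSpace(line)
		// ReadString reports io.EOF together with data when the last line has
		// no trailing newline; only fail if nothing usable was read.
		if err != nil && path == "" {
			return "", err
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return "", err
		}
		return string(data), nil
	}

	// fail reports the error on stderr and exits non-zero, so the cause is
	// visible instead of being lost in a panic(nil).
	fail := func(step string, err error) {
		fmt.Fprintf(os.Stderr, "%s: %v\n", step, err)
		os.Exit(1)
	}

	pubKey, err := readKeyFile("Enter public key file path:")
	if err != nil {
		fail("read public key", err)
	}
	privKey, err := readKeyFile("Enter private key file path:")
	if err != nil {
		fail("read private key", err)
	}

	const probe = "123"

	cryptoed, err := encrypt(probe, pubKey)
	if err != nil {
		fail("encrypt with public key", err)
	}

	decrypted, err := decrypt(cryptoed, privKey)
	if err != nil {
		// A mismatched pair normally surfaces here as a decryption error.
		fail("decrypt with private key", err)
	}
	fmt.Printf("decrypt result:%s\n", decrypted)

	if decrypted != probe {
		fail("compare", fmt.Errorf("decrypted text %q does not match probe %q", decrypted, probe))
	}
}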

  1. 检查git(ssh)实际使用的是否是这对key,ssh config文件的配置方法可以参考这篇文档

    https://linuxize.com/post/using-the-ssh-config-file/

  2. 查看项目的.git/config文件,里面有描述账号



版权声明:本文为pengjian444原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。