[Synology NAS] Fix for the password prompt when running git clone over SSH against gitlab-ce in Docker

After installing gitlab-ce with Docker on a Synology NAS and registering an SSH key, git clone may still keep asking for a password.

 

$ git clone git@fakeid.fake.me:40002/web-reference/korearetail.git
Cloning into 'korearetail'...
git@fakeid.fake.me's password:

 

You can test whether SSH on the gitlab-ce server is working with the command below. The test shows that SSH key authentication succeeds.

$ ssh -Tv git@fakeid.fake.me -p 40002
OpenSSH_8.2p1, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to kindlove.synology.me [111.11.11.111] port 40002.
debug1: Connection established.
debug1: identity file /c/Users/skkkm/.ssh/id_rsa type 0
debug1: identity file /c/Users/skkkm/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/skkkm/.ssh/id_dsa type -1
debug1: identity file /c/Users/skkkm/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/skkkm/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/skkkm/.ssh/id_xmss type -1
debug1: identity file /c/Users/skkkm/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to fakeid.fake.me:40002 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:TYoBRGPc5Hh+gbLgm2eqJ1QFIE8fSIIio4EG+QRYM9U
debug1: Host '[kindlove.synology.me]:40002' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/skkkm/.ssh/known_hosts:15
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_rsa RSA SHA256:UC6ovjls34H8IgJ1yi48zeyrpxGScb4ybWOWaqSt6AU
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_dsa
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/skkkm/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/skkkm/.ssh/id_rsa RSA SHA256:UC6ovjls34H8IgJ1yi48zeyrpxGScb4ybWOWaqSt6AU
debug1: Server accepts key: /c/Users/skkkm/.ssh/id_rsa RSA SHA256:UC6ovjls34H8IgJ1yi48zeyrpxGScb4ybWOWaqSt6AU
debug1: Authentication succeeded (publickey).
Authenticated to fakeid.fake.me ([111.11.11.111]:40002).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Ignored authorized keys: bad ownership or modes for file /var/opt/gitlab/.ssh/authorized_keys
debug1: Remote: /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k:1: key options: command user-rc
debug1: Remote: Ignored authorized keys: bad ownership or modes for file /var/opt/gitlab/.ssh/authorized_keys
debug1: Remote: /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k:1: key options: command user-rc
Welcome to GitLab, @kindlove!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3644, received 3688 bytes, in 0.1 seconds
Bytes per second: sent 33594.5, received 34000.1
debug1: Exit status 0

 

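The cause is that the SSH port seen from outside is not port 22. In my case, external port 40002 of the Docker container is mapped to port 22 inside the container. In the git@host:40002/... form, git treats everything after the colon as the repository path rather than a port, so the connection goes to the default SSH port on the host and not to the port mapped to the GitLab container.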

 

In this case, do not clone with the plain git clone <repository address> form; change the address to an ssh:// URL that names the non-default SSH port.

$ git clone ssh://git@fakeid.fake.me:40002/web-reference/korearetail.git
Cloning into 'korearetail'...
remote: Enumerating objects: 2065, done.
remote: Counting objects: 100% (2/2), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 2065 (delta 0), reused 0 (delta 0), pack-reused 2063
Receiving objects: 100% (2065/2065), 101.49 MiB | 49.63 MiB/s, done.
Resolving deltas: 100% (398/398), done.
Updating files: 100% (2560/2560), done.
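
The difference between the two address forms above, as an added example that is not part of the original post: the shell functions below (hypothetical names git_ssh_target and suggest_ssh_url) show which host, port and path each form yields and rewrite an scp-style address with a leading port-like segment into an ssh:// URL. They cover only the two forms used on this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print "user@host port path" as derived from a git remote address.
# Covers only ssh:// URLs and scp-style user@host:path addresses.
git_ssh_target() {
  local addr=$1 rest userhost host port path
  case $addr in
    ssh://*)
      rest=${addr#ssh://}
      userhost=${rest%%/*}                 # user@host or user@host:port
      path=/${rest#*/}
      host=${userhost%%:*}
      port=22                              # ssh default unless ssh_config overrides it
      [ "$host" = "$userhost" ] || port=${userhost##*:}
      ;;
    *://*) return 1 ;;                     # other URL schemes are not SSH
    *:*)
      host=${addr%%:*}
      case $host in */*) return 1 ;; esac  # colon after a slash: local path
      path=${addr#*:}                      # everything after the colon is the path
      port=22                              # scp-style syntax cannot carry a port
      ;;
    *) return 1 ;;
  esac
  printf '%s %s %s\n' "$host" "$port" "$path"
}

# Heuristic: an scp-style path whose first segment is all digits was probably
# meant as a port, so rewrite it as an ssh:// URL. Other addresses pass through.
suggest_ssh_url() {
  local addr=$1 host path first
  case $addr in *://*) printf '%s\n' "$addr"; return 0 ;; esac
  host=${addr%%:*}
  path=${addr#*:}
  first=${path%%/*}
  case $path in */*) ;; *) first= ;; esac  # no slash: nothing to split off
  case $first in
    ''|*[!0-9]*) printf '%s\n' "$addr" ;;
    *) printf 'ssh://%s:%s/%s\n' "$host" "$first" "${path#*/}" ;;
  esac
}

# Constructed sample input: the two addresses used on this page.
git_ssh_target 'git@fakeid.fake.me:40002/web-reference/korearetail.git'
git_ssh_target 'ssh://git@fakeid.fake.me:40002/web-reference/korearetail.git'
suggest_ssh_url 'git@fakeid.fake.me:40002/web-reference/korearetail.git'
```

The first call reports port 22 with 40002 as part of the path, which is why the password prompt appeared; the second reports port 40002.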