一个正常权限校验的流程包括
- public key被正确的上传到git平台
- 本地的public key和private key能够正常映射
- git在传输的时候能够用到这两个key,对数据进行加密
- 客户端使用的git账号是有权限的获取这个代码的
从上面的过程,当遇到Permission denied (keyboard-interactive,publickey).这个错误的时候,我们可以按照以下流程排查
- 检查git 平台的public key是否和本地的public key一致
- public key和private key是否匹配,这里有一段go代码,可以测试。原理就是用public key加密的数据,用Private key解密
参考:https://earthly.dev/blog/encrypting-data-with-ssh-keys-and-golang/
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"golang.org/x/crypto/ssh"
)
func marshalRSAPrivate(priv *rsa.PrivateKey) string {
return string(pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv),
}))
}
func generateKey() (string, string, error) {
reader := rand.Reader
bitSize := 2048
key, err := rsa.GenerateKey(reader, bitSize)
if err != nil {
return "", "", err
}
pub, err := ssh.NewPublicKey(key.Public())
if err != nil {
return "", "", err
}
pubKeyStr := string(ssh.MarshalAuthorizedKey(pub))
privKeyStr := marshalRSAPrivate(key)
return pubKeyStr, privKeyStr, nil
}
func encrypt(msg, publicKey string) (string, error) {
parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
if err != nil {
return "", err
}
// To get back to an *rsa.PublicKey, we need to first upgrade to the
// ssh.CryptoPublicKey interface
parsedCryptoKey := parsed.(ssh.CryptoPublicKey)
// Then, we can call CryptoPublicKey() to get the actual crypto.PublicKey
pubCrypto := parsedCryptoKey.CryptoPublicKey()
// Finally, we can convert back to an *rsa.PublicKey
pub := pubCrypto.(*rsa.PublicKey)
encryptedBytes, err := rsa.EncryptOAEP(
sha256.New(),
rand.Reader,
pub,
[]byte(msg),
nil)
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(encryptedBytes), nil
}
func decrypt(data, priv string) (string, error) {
data2, err := base64.StdEncoding.DecodeString(data)
if err != nil {
return "", err
}
block, _ := pem.Decode([]byte(priv))
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return "", err
}
decrypted, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, data2, nil)
if err != nil {
return "", err
}
return string(decrypted), nil
}
func main() {
//pubKey, privKey, _ := generateKey()
//fmt.Println("my public key is...")
//fmt.Println(pubKey)
//fmt.Println("my private key is...")
//fmt.Println(privKey)
var pubKey, privKey string
fmt.Print("Enter public key:")
fmt.Scanf("%s", &pubKey)
fmt.Print("Enter private key:")
fmt.Scanf("%s", &privKey)
var err error
var cryptoed string
cryptoed, err = encrypt("123", pubKey)
if err != nil {
panic(nil)
}
var decrypted string
decrypted, err = decrypt(cryptoed, privKey)
fmt.Printf("decrypt result:%sn", decrypted)
}
-
参考这篇文档
https://linuxize.com/post/using-the-ssh-config-file/ -
查看项目的.git/config文件,里面有描述账号
