问题描述
我的公司已移至新的GITHUB存储库。在我的Linux开发服务器上,我试图连接到新的git存储库以进行克隆。我有一个部署工具,可以从GIT存储库获取软件并自动进行部署。
但是,我与新存储库的新连接不起作用
$ git clone https://githubxxxxx.com/xxxxxxx/myrepo.git
cloning into 'myrepo'...
fatal: unable to access 'https://githubxxxxx.com/xxxxxxx/myrepo.git/': Peer's certificate issuer has been marked as not trusted by the user.
我想我已经完成了我应该做的所有事情:
- 我为SSH创建了新密钥
- 我将密钥存储在GIT存储库中
我对笔记本电脑执行了相同的步骤,并且可以正常工作。
如果我更改sslVerify的全局属性
git config --global http.sslVerify false
然后我可以连接和克隆,但是每次我都必须输入用户名和密码,这是没有道理的。
有人知道我是否想念这里吗?我还需要设置其他全局变量吗?
如果我对存储库执行ssh -v,则会发现我可以进行身份验证。
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ftpfdm/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to githubxxxxx.com (via proxy).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: proc
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
PTY allocation request Failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi x329097! You've successfully authenticated,but GitHub does not provide shell access.
debug1: channel 0: free: client-session,nchannels 1
Connection to githubxxxxx.com closed.
更新
如果我通过ssh尝试,则远程主机将关闭连接
$ git clone ssh://githubxxxxx.com:mygroup/myrepo.git
cloning into 'myrepo'...
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
新更新
这可以代替。有没有人知道为什么它会以这种方式而不是ssh://起作用,而实际上是通过ssh进行克隆的。我本打算将解决方案作为答案发布,但我认为这是不对的,因为我不知道为什么这种方法可行。
git clone git@githubxxxxx.com:group/myrepo.git
解决方法
对等证书颁发者已被标记为用户不信任。
这纯粹是HTTPS问题,与SSH无关。
您需要这样做:
-
将其另存为文件
/home/<me>/ghe.pem(用用户登录名替换<me>) -
通过以下方式引用它:
git config --global http."https://githubxxxxx.com/".sslcainfo ${HOME}/ghe.pem
如果您使用的是SSH URL,则始终需要使用远程用户'git',这就是git@githubxxxxx.com:group/myrepo.git起作用的原因。