In this article I will show how to access a GitLab server using an alternative port instead of port 22; in this case we will use port 2247.
First, let's generate the SSH key. GitLab only accepts an RSA key together with the e-mail.
ssh-keygen -t rsa -b 4096 -C "julio@gmail.com"
Let's add the key to the SSH agent.
ssh-add ~/.ssh/id_rsa
Let's edit the config file inside the .ssh folder.
nano .ssh/config
# all other hosts use this key
Host *
    PubkeyAcceptedKeyTypes +ssh-dss
# git domain on a high port
Host seu-host.seudominio.com
    Hostname seu-host.seudominio.com
    # remote port
    Port 2247
In GitLab, go to Settings in the user profile, then SSH Keys, and add the key contained in id_dsa.pub.
Run the following commands.
In the case below I added a repository named test created in GitLab and afterwards
julio@julio:~/Imagens$ git remote add origin git@seu-host.seudominio.com:root/test.git
julio@julio:~/Imagens$ git add .
julio@julio:~/Imagens$ git commit -m "Initial commit"
[master (root-commit) 1c59959] Initial commit
 3 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 Screenshot_20181122_100912.png
 create mode 100644 Screenshot_20181122_113619.png
 create mode 100644 Screenshot_20181122_162140.png
julio@julio:~/Imagens$ git push -u origin master
Counting objects: 5, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 200.32 KiB | 14.31 MiB/s, done.
Total 5 (delta 0), reused 0 (delta 0)
To seu-host.seudominio.com:root/test.git
 * [new branch] master -> master
Branch 'master' set up to track remote branch 'master' from 'origin'.
Important tips.
Debugging with the SSH log inside the GitLab container.
root@host:/# tail -f /var/log/gitlab/sshd/*
==> /var/log/gitlab/sshd/current <==
2018-11-22_18:58:48.44660 Accepted publickey for git from 177.17.63.97 port 46836 ssh2: RSA SHA256:iewsyDwBU77+qGLhoy7ROPpfCs7+uZrcK4bqCdGxOn0
2018-11-22_18:58:48.84280 Received disconnect from 177.17.63.97 port 46836:11: disconnected by user
2018-11-22_18:58:48.84282 Disconnected from 177.17.63.97 port 46836
2018-11-22_19:17:06.59671 Accepted publickey for git from 177.17.63.97 port 47088 ssh2: RSA SHA256:iewsyDwBU77+qGLhoy7ROPpfCs7+uZrcK4bqCdGxOn0
2018-11-22_19:17:07.10290 Received disconnect from 177.17.63.97 port 47088:11: disconnected by user
2018-11-22_19:17:07.10292 Disconnected from 177.17.63.99 port 47088
2018-11-22_19:29:50.95474 Accepted publickey for git from 177.17.63.97 port 47246 ssh2: RSA SHA256:iewsyDwBU77+qGLhoy7ROPpfCs7+uZrcK4bqCdGxOn0
2018-11-22_19:29:52.33892 Received disconnect from 177.17.63.97 port 47246:11: disconnected by user
2018-11-22_19:29:52.33893 Disconnected from 177.17.63.97 port 47246
2018-11-22_19:31:23.78767 Connection closed by 112.65.170.186 port 39855 [preauth]
==> /var/log/gitlab/sshd/lock <==
In this case the login succeeded.
2018-11-22_19:29:50.95474 Accepted publickey for git from 177.17.63.97 port 47246 ssh2: RSA SHA256:iewsyDwBU77+qGLhoy7ROPpfCs7+uZrcK4bqCdGxOn0
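An added example (not part of the original article): a small Python parser for sshd lines in the timestamped format shown above. It groups successful public-key logins by key fingerprint, lists logins made with a fingerprint that is not on an allow-list, and counts connections dropped before authentication. The sample lines, addresses and fingerprints are constructed, and the summarize function and its allow-list argument are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the timestamped sshd format shown above.
# Addresses are RFC 5737 documentation ranges; fingerprints are placeholders.
SAMPLE_LOG = """\
2018-11-22_18:58:48.44660 Accepted publickey for git from 203.0.113.10 port 46836 ssh2: RSA SHA256:EXAMPLEFINGERPRINTAAAA
2018-11-22_18:58:48.84282 Disconnected from 203.0.113.10 port 46836
2018-11-22_19:17:06.59671 Accepted publickey for git from 203.0.113.10 port 47088 ssh2: RSA SHA256:EXAMPLEFINGERPRINTAAAA
2018-11-22_19:31:23.78767 Connection closed by 198.51.100.7 port 39855 [preauth]
2018-11-22_19:40:02.10011 Accepted publickey for git from 192.0.2.55 port 50122 ssh2: RSA SHA256:EXAMPLEFINGERPRINTBBBB
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\S+) Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2: (?P<alg>\S+) (?P<fp>SHA256:\S+)$")
PREAUTH = re.compile(
    r"^(?P<ts>\S+) (?:Connection closed|Disconnected) (?:by|from) "
    r"(?:(?:invalid|authenticating) user \S+ )?(?P<ip>\S+) port \d+ \[preauth\]$")

def summarize(log_text, known_fingerprints):
    """Return (IPs per fingerprint, logins with unknown keys, preauth drops per IP)."""
    logins = defaultdict(set)   # fingerprint -> source IPs that logged in with it
    unknown = []                # (timestamp, ip, fingerprint) not on the allow-list
    preauth = defaultdict(int)  # ip -> connections closed before authentication
    for line in log_text.splitlines():
        line = line.strip()
        m = ACCEPTED.match(line)
        if m:
            logins[m["fp"]].add(m["ip"])
            if m["fp"] not in known_fingerprints:
                unknown.append((m["ts"], m["ip"], m["fp"]))
            continue
        m = PREAUTH.match(line)
        if m:
            preauth[m["ip"]] += 1
    return dict(logins), unknown, dict(preauth)

if __name__ == "__main__":
    # Hypothetical allow-list: fingerprints of keys you registered in GitLab.
    known = {"SHA256:EXAMPLEFINGERPRINTAAAA"}
    logins, unknown, preauth = summarize(SAMPLE_LOG, known)
    for fp, ips in logins.items():
        print("key", fp, "used from", sorted(ips))
    for ts, ip, fp in unknown:
        print("unknown key", fp, "accepted from", ip, "at", ts)
    for ip, count in preauth.items():
        print(ip, "closed", count, "connection(s) before authenticating")
```

The fingerprint of a local key, for comparison with the log, can be printed with ssh-keygen -lf ~/.ssh/id_rsa.pub.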
Another debugging tip is to use ssh with the -v flag.
ssh -v git@seu-host.seudominio.com -p 2247
It produces the following log.
ssh -v git@seu-host.seudominio.com -p 2247
OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/julio/.ssh/config
debug1: /home/julio/.ssh/config line 1: Applying options for *
debug1: /home/julio/.ssh/config line 5: Applying options for seu-host.seudominio.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to seu-host.seudominio.com [35.198.4.18] port 2247.
debug1: Connection established.
debug1: identity file /home/julio/.ssh/id_dsa.pub type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/julio/.ssh/id_dsa.pub-cert type -1
debug1: identity file /home/julio/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/julio/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to seu-host.seudominio.com:2247 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bD+T64OmsWWwd5lIupJfqudFFzpZwWb2NI4TmxSEW58
debug1: Host '[seu-host.seudominio.com]:2247' is known and matches the ECDSA host key.
debug1: Found key in /home/julio/.ssh/known_hosts:44
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:iewsyDwBU77+qGLhoy7ROPpfCs7+uZrcK4bqCdGxOn0 /home/julio/.ssh/id_rsa.pub
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to seu-host.seudominio.com ([35.198.4.18]:2247).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: PTY allocation disabled.
debug1: Sending environment.
debug1: Sending env LANG = pt_BR.UTF-8
PTY allocation request failed on channel 0
Welcome to GitLab, @root!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to seu-host.seudominio.com closed.
Transferred: sent 3796, received 3132 bytes, in 0.3 seconds
Bytes per second: sent 11127.8, received 9181.3
debug1: Exit status 0
The welcome message for the git user:
Welcome to GitLab, @root!
The sshd configuration file of the GitLab container is located at:
nano /assets/sshd_config
Port 22
ChallengeResponseAuthentication no
HostKey /etc/gitlab/ssh_host_rsa_key
HostKey /etc/gitlab/ssh_host_ecdsa_key
HostKey /etc/gitlab/ssh_host_ed25519_key
Protocol 2
PermitRootLogin no
PasswordAuthentication no
MaxStartups 100:30:200
AllowUsers git
PrintMotd no
PrintLastLog no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/ssh/authorized_keys
# Fix: User username not allowed because account is locked
# With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
UsePAM yes
# Disabling use DNS in ssh since it tends to slow connecting
UseDNS no