[Resolved] GIT Provider - (Hosted GITEA) - SSH Keys not working. Stumped!
I can SSH to the GITEA from another machine using the same key (so it is working). I let DOKPLOY generate the keys [Generate ED25519 SSH Key].
However, it won't deploy and I am stuck at what the issue is.
From the Dokploy Deployment log
Repository URL include port
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
From the GITEA server log:
Unable to negotiate with x.x.x.x port 46446: no matching host key type found. Their offer: [email protected] [preauth]
I could really use some help or tips. (Note that I am using a custom port 222 which seems to work fine in the url in format: [email protected]:222/user/repo.git) I have tried generating RSA keys and using those, but get same error. Thank you.
39 Replies
Are you deploying in remote server?
I am hosting the gitea on the same server (deployed using dokploy) it is accessible and works and i can push code from my laptop and pull from other servers using the added SSH key .
My deployment tab for the contents of the repository (which contain a Docker file) and the app source --> but when i hit deploy it just errors out (can't seem to negotiate ssh connection)

Try to use internal IP
Thanks - I tried the IP but got the same "Host Key Verification Failed"
Initializing deployment
Cloning Repo Custom [email protected]:222/user/repository.git to /etc/dokploy/applications/something-something-dba425/code:
Cloning into '/etc/dokploy/applications/something-something-dba425/code'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
ERROR Cloning Custom Git: Error: Cloning into '/etc/dokploy/applications/something-something-dba425/code'...
Host key verification failed.
fatal: Could not read from remote repository.
Logs from Gitea server (It sees the connection attempt)
LOGS FROM gitea server
Connection closed by x.x.x.x port 46020 [preauth]
Connection closed by x.x.x.x port 46034 [preauth]
Connection closed by x.x.x.x port 46036 [preauth]
Unable to negotiate with x.x.x.x port 46038: no matching host key type found. Their offer: [email protected] [preauth]
Unable to negotiate with x.x.x.x port 46044: no matching host key type found. Their offer: [email protected] [preauth]
Could there be any issues with the way the keys are stored in Dokploy (permissions) or key types? where are they stored? Should i try to generate my own or place them instead?
Since i can connect to Gitea using the same key, i know it is installed correctly on Gitea, just wondering if the SSH aspect on Dokploy is having issues, or how i can test initiating ssh connection from Dokploy server
If it works for you using the gitea service, it is very likely that the self hosted instance of gitea you have is the problem, maybe there is something missing to configure.
have you tried to look in to gitea issues?
It is the same "self-hosted" Gitea - i can connect to it via ssh using same key from another machine, checkout code, push code. but cannot connect via Dokploy using the same ssh key - so i cannot explore any deployments other than uploading a tar file (which works) --> I even tried making a public repository and not using SSH but that also doesn't seem to work.
Is there another way i should be able to test like making the repository PUBLIC and not using a SSH key? (just use HTTPS?) --> i tried that before, but it also did not work.
yeah you can use https, is not required to use ssh
with HTTPS there is no user/password though, right? so repository must be public right? - i will test again with this and see what the logs say
correct
I appreciate the replies... I'm usually quite good with this type of stuff and rarely ask for help.. but man am i stumped.
I am Still getting an error using HTTPS
when using the following Provider (but yet, i can go to any web browser and hit the URL)
https://gitea.subdomain.server.com/user/repository.git
fatal: could not read Username for 'https://gitea.subdomain.server.com': No such device or address
(values redacted for security)

looks like someone has a similar issue https://github.com/Dokploy/dokploy/issues/444
GitHub
Can't clone private gitea repo by SSH on deploy · Issue #444 · Dokp...
To Reproduce Prepare a live Gitea instance Generate a SSH key on Dokploy admin panel /dashboard/settings/ssh-keys Copy generated public key to Gitea user's SSH key setting Create a project and ...
the application you are deploying is in the dokploy server or remote server?
Did you configure SSH on your Gitea instance?
Thanks for the above link ( i did not find that one while searching) and will do some more reading on that.
I am able to ssh with the same key from my local workstation which is not in the cloud. it works to connect so i would expect Dokploy could also connect with it.
for Gitea I did not have to do any configuration to gitea (nor did i need to do shim or ssh pass through) --> I can ssh from my host pc which is not in my cloud environment. In the docker file for gitea (deployed by Dokploy) i mapped a custom ssh port 222 to the container port 22.

After updating to latest (0.10.1) I get a very similar error, it used to work before the update however I'm unsure what version it was, 0.9.3 or 0.9.4 I believe.
Nothing changed since in the Gitea config, it only auto-updates.
Load key "/tmp/id_rsa": error in libcrypto
Permission denied, please try again.
Permission denied, please try again.
[email protected]: Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

interesting, created a new key and it works with that
I am using non-standard SSH port (222) instead of 22. I don't know if Dokploy is observing this in the setting - is there any way to confirm? What I did was close port 22 on the host and tried to deploy again - this time i got a different error which suggests Dokploy is going to 22 by default. here is the error
ssh: connect to host gitea.subdomain.server.com port 22: Connection timed out
fatal: Could not read from remote repository.
even though my repository URL is set to [email protected]:222:user/repository.git
so.. this tells me perhaps DOKPLOY is not accepting the port notation - is that not a feature implemented?
Let me check that in the code, I remember when the connection is ssh we parse to extract the port, host and more things and that is used to insert in to the known_hosts but let me check
check this https://github.com/Dokploy/dokploy/blob/canary/packages/server/src/utils/providers/git.ts#L93
GitHub
dokploy/packages/server/src/utils/providers/git.ts at canary · Dokp...
Open Source Alternative to Vercel, Netlify and Heroku. - Dokploy/dokploy
in git there is an env called GIT_SSH_COMMAND where you can define the key and the known hosts file
and i think you can define -p flag to pass the port maybe that will fix the issue
it is too much of a coincidence that it is using the port 22, so very probably that flag is missing there
I will check - was just reviewing the code ( I think it might be in here https://github.com/Dokploy/dokploy/blob/canary/packages/server/src/utils/providers/git.ts )
I can see the port parsed out for storing in the known host - i just can't see (yet maybe) if the port is being specified on the ssh -i command to do the git clone.
that's what I said above, in the GIT_SSH_COMMAND we can pass the flag -p

I think that will fix the issue maybe
Sorry - ya i just noticed it was nearly the same link i was looking on. I will try to dig a bit more and will circle back after some more time hacking away . Thank you Siumauricio
Don't worry, i can try to set the port and see if is working?
Not sure if this was a proper way of testing (is it), but I edited
/app/node_modules/@dokploy/server/src/utils/providers/git.ts (per attached screenshot)
and added the -p 222
but tried again, I'm not sure that setting took effect (i didn't restart or do anything but just edit it in the running dokploy container)
(blocking port 22 again on the server to prevent unwanted connection and got the following error which again references it was attempting to hit port 22
"port 22: Connection timed out"
on my local machine, I edit a ~/.ssh/config file to set the port on the per-host basis (so it is not needed on command line)


your gitea server is public?
if you add a public key I can test here
I'd prefer not to post IP here, but if it would help, I'd be willing to spin up a new one on a fresh server for testing purposes - I will be going to sleep soon today, but could give it a go tomorrow
This seems related?
https://discord.com/channels/1234073262418563112/1234076648005963786/threads/1258183487488397575
Would you like me to setup a gitea on non port 22 for you that you can test with?
would that help? (or any advice where in the code i can hardcode the port to 222 as a test - was the approach I took above correct? or do i need to restart the server etc.?)
Yeah I was asking to you to add a public key so I can try to replicate the same issue locally and then easily I can play with the SSH Command locally
Sure, let me spin up a new server with gitea on a IP that i will throw away and i will generate a key and share with you privately. give me an hour or so - Thank you
Hey, Siumauricio - I'm pretty convinced this is not a Dokploy issue.... I spun up a new server, installed Dokploy, spun up a gitlab and then i noticed the following setting on the setup page for Gitea (which i really thought i had changed in a config file after initial install on the other server... but maybe that didn't take)
I changed this to port 222 and was able to install the ssh keys and setup a Docker compose ...
I can't replicate with the same success from the main Dokploy (using the new gitea server) - i am getting a different error after setting up the new SSH key
Warning: Identity file /etc/dokploy/ssh/mlHWNuFyUKYXF8V9bWDrL_rsa not accessible: No such file or directory.
so i think i will just start again from scratch as I must have done something to it.
I am sorry to waste your time
no worries
The error related to the rsa cannot be found is related to the breaking change introduced in 0.10.0
You need to recreate the key
I think i will just start fresh as this has all the signs of user error
Is not necessary to do a fresh install
AH!! I got it working... I kept adding new keys but it did not help, then i removed them all and added a key. Still was not working and giving same error.
Then I did a update from the Settings page, and it applied the newest version of Dokploy (which i see was yesterday, followed by one 5 days ago which could have been just after my first install)
I don't think the update fixed a bug, but likely just fixed / updated /replaced some files I might have changed permissions on related to ssh keys or known hosts, or a config file.
or it rebooted the service which is what i needed.
Anyway, this is great news as I just completed my first smoke test and now have a pattern for deploying my apps rapidly from a private git repo over ssh with a couple quick clicks.
Now I am excited!
Yeah that was, we fixed an issue related to git and ssh keys
Nice!! I'm great that is working now