GitLab SSH authentication succeeds, then connection closes

Question

I have added an ecdsa-sha2-nistp256 SSH public key to my user account on a self-hosted GitLab instance. The same public key is used without issue on other services like GitHub.

When I try to clone any repo over SSH (git clone git@gitlab.local:user/project.git), including my own repos I am absolutely an owner of, I can see that the server accepts the public key:

debug1: Offering public key: ecdsa-sha2-nistp256 ECDSA SHA256:LL8b...Onco agent
debug1: Server accepts key: ecdsa-sha2-nistp256 ECDSA SHA256:LL8b...Onco agent

But the connection is immediately terminated and the clone aborted.

I've confirmed that ECDSA keys are enabled on the server, and that I'm connecting to the right server. Removing the public key from my profile results in a different error, so I know that (a) the server's authorized_keys setup is working, and (b) there isn't another user without repo privileges that I'm getting logged in as.

Answer 1

The issue seemed to be that /etc/pam.d/sshd had been modified in a way that prevented authentication.

We added the following to the top of the file:

# local user 'git' needs to be allowed
account sufficient pam_localuser.so

Answer 2

If the GitLab logs don't show any additional clue, I would start the ssh daemon on the server in debug mode: sshd -d

That will trigger a one-time interactive session, where you can see if your client SSH query:

• arrives to the server
• triggers any error message.