Authentication failure when setting up Git backup

Started by thegadgetman, July 13, 2025, 12:26:06 PM

Hi,

I am trying to set up Git backup to a repo on a local Gitea server but I get the error "authentication failure" when trying to connect - please can someone help me?

It is a clean install of Gitea and a new repo setup just for this purpose.
I have generated an SSH key pair and attached the public key to the Gitea user and private key to the Git private key section in the Git backup of opnsense.
When clicking Setup/Test Git I get the error "authentication failure".

I've done some searching and found this post - https://github.com/opnsense/plugins/issues/3834
Which gives a workaround by allowing an HTTP connection which works for me but is not secure so not a long term solution.
However, it does prove the connection to Gitea and the repo are working properly as it succeeds.

I have tried using the Gitea login details with the SSH key or just the user Git and no password following the opnsense documentation (but I understand this is written for Github) - https://docs.opnsense.org/manual/git-backup.html

Any ideas how I diagnose this further?

I have run a test and it does work for me.

Setting the URL to 'ssh://<ip of Gitea server>/gitea/<repo>.git', username 'git' and 'Branch' to whatever you like.

What type of SSH key did you create, RSA or ED25519? If RSA, its size has to be >3071.
Deciso DEC740

Thanks for the response.

I'm using ssh-keygen in Windows with "-t rsa" to generate the key pair so not sure of size.
I did also try using ED25519 and the key text was much shorter so not sure if that was generated properly.
Both of these didn't work.

In Gitea, I was following these instructions to add the SSH key to the user - https://www.techaddressed.com/tutorials/add-verify-ssh-keys-gitea/
But I now also see you can add a Deploy Key to the repo so not sure which one I should be using.

When I get the SSH link for the repo it is in the format 'ssh://git@<hostname:ip>/<user>/<repo>.git' which is different to your URL.
I've tried both the Gitea username I created and just git for the opnsense user but neither worked.
The branch defaults to main in Gitea so I'm just using that.

Sorry if I've missed something obvious here but any help would be appreciated.

Quote from: thegadgetman on July 13, 2025, 06:19:35 PM
"I'm using ssh-keygen in Windows with "-t rsa" to generate the key pair so not sure of size."
'ssh-keygen -l -f <your private key>' will tell you the size. The RSA key created on Debian 12 had a size of 3072, that was ok for me. ED25519 is probably the better option, you should be good with that.

$ ssh-keygen -l -f ~/opnsense-backup_rsa
3072 SHA256:sHyb1+EH24amoDGU0EeYmF/L+3Qhz3T0aRCnnmAS4iw jane@debian12 (RSA)
Quote: "In Gitea, I was following these instructions to add the SSH key to the user"
I have added the key as in your link.

Quote: "repo it is in the format 'ssh://git@<hostname:ip>/<user>/<repo>.git'"
That is what Gitea writes, yes. But the 'i' circle of the 'URL' field in OPNsense > Backup > Git indicates that it's what I wrote. I get 'unknown error' if I use the Gitea syntax.

For unknown reasons I had to remove and copy-paste the private key a second time in OPNsense, then it worked.

Can you manually push to that repo (to another branch, like test-branch) from another client using the same private key?
And/or you can try to log in using that key. You will not get a shell but you get a confirmation that the authentication was successful (below: 192.168.1.110 is the Gitea server, opnsense-backup_rsa the private key also used on OPNsense):

$ ssh -i ~/opnsense-backup_rsa git@192.168.1.110
PTY allocation request failed on channel 0
Hi there, gitea! You've successfully authenticated with the key named jane@debian12, but Gitea does not provide shell access.
If this is unexpected, please log in with password and setup Gitea under another user.
Connection to 192.168.1.110 closed.
Deciso DEC740

Thank you for the reply.

So I've generated an ED25519 key pair, loaded public key to the Gitea user and tested it with the SSH connection you suggested below and all of that works.

In opnsense, I have the URL as 'ssh://<ip of Gitea server:port>/<Gitea user>/<repo>.git' with username 'git' and 'Branch' to 'main'.

THIS NOW WORKS! THANK YOU!

Testing with the SSH command confirmed I had configured Gitea properly and therefore the issue was in opnsense config.
I wondered if the issue was the non-standard port but following your instructions for the opnsense config - and using the server IP and not the hostname has got this running.
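
The checks used in this thread, collected into one script as an added example (it is not from the original posts or from the OPNsense or Gitea projects). The function names and the `git` SSH user are assumptions; the RSA size limit and the URL shape without `git@` are the ones reported in the replies above.

```shell
#!/bin/sh
# Pre-flight checks for the key and URL used by OPNsense Git backup.
# Added example: helper names are hypothetical, rules come from the thread.

# key_line_ok "<one line of 'ssh-keygen -l -f KEY' output>"
# Returns 0 for ED25519 or for RSA larger than 3071 bits, 1 otherwise.
key_line_ok() {
    line=$1
    bits=${line%% *}          # first field: key size in bits
    type=${line##*\(}         # text after the last "("
    type=${type%\)*}          # drop the trailing ")"
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    case $type in
        ED25519) return 0 ;;
        RSA)     [ "$bits" -gt 3071 ] ;;
        *)       return 1 ;;
    esac
}

# opnsense_url "<SSH clone URL as shown by Gitea>"
# Prints the same URL without the "user@" part; the user ('git' in this
# thread) goes into the separate username field of the backup settings.
opnsense_url() {
    url=$1
    case $url in
        ssh://*) rest=${url#ssh://} ;;
        *)       return 1 ;;
    esac
    hostpart=${rest%%/*}      # user@host:port
    path=${rest#"$hostpart"}  # /owner/repo.git
    hostpart=${hostpart##*@}  # host:port
    printf 'ssh://%s%s\n' "$hostpart" "$path"
}

# preflight KEY HOST [PORT]: check the key file, then ask the server
# whether it accepts that key (same test as the manual ssh login above).
preflight() {
    key=$1 host=$2 port=${3:-22}
    key_line_ok "$(ssh-keygen -l -f "$key")" \
        || { echo "key type or size rejected"; return 1; }
    ssh -T -i "$key" -p "$port" -o IdentitiesOnly=yes -o BatchMode=yes \
        "git@$host" 2>&1 | grep -q 'successfully authenticated' \
        || { echo "server did not accept the key"; return 1; }
    echo "key accepted by server"
}
```

Run `preflight <private key file> <Gitea server IP> <port>` from any client that holds the key; if it passes, the remaining variables are the URL, username and pasted key in the OPNsense backup settings.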