For gitolite, git ssh requires a password

I'm using gitolite on an Ubuntu server. I have a project I'm working on, and I need a certain syntax for the git command.

Works great:

 git clone gitolite@servername:testing.git

Asks for a password:

 git clone ssh://gitolite@servername/home/gitolite/repositories/testing.git

Both were run from the same box, one after another. I can put in a password and it works. But I need it to work automatically. There seems to be a problem with the ssh public/private keys. Any ideas?

Update: There was a problem with file permissions. Not sure if the difference in the commands matters too. But /var/log/auth.log showed some errors.

+4
3 answers

You need to configure ~gitolite/.ssh/authorized_keys with a line like:

 command="/home/gitolite/bin/gl-auth-command <USERNAME>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA...KEY.HERE...ZZZZ== user@label 

A random URL with information related to this (see the bottom of the page):

http://www.geekgumbo.com/2011/10/18/ssh-and-the-gitolite-installation-part-2/

Secure the ownership of ~gitolite/.ssh/authorized_keys, as required by SSH, with:

 chown gitolite: ~gitolite/.ssh/authorized_keys
 chmod go-w ~gitolite/.ssh/authorized_keys

EDIT: updated for your changes by changing "git" to the username "gitolite".

Check your access from the client:

 ssh -l gitolite -i <file_id_rsa_foobar> -v -o PasswordAuthentication=no -T <host> 

Adding -T seems necessary on my local system to get the banner (typed by hand, apologies for errors):

 ....
 debug1: Authentications that can continue: publickey
 debug1: Next authentication method: publickey
 debug1: Offering RSA public key: /home/username/.ssh/id_rsa_foobar
 debug1: Authentications that can continue: publickey
 debug1: Next authentication method: publickey
 debug1: Offering DSA public key: /home/username/.ssh/id_dsa_foobar
 debug1: Remote: Forced command: /home/gitolite/bin/gl-auth/command <username>
 ....
 hello <username> this is gitolite vX.X.XX-g0123abcd running on git XXX
 the gitolite config gives you the following access:
 RW mydir/project1
 ....

+5

If the first version works, it means that the public keys were published under an account with the name "gitolite": ~gitolite/.ssh/authorized_keys.

The permission problem is described in "Creating SSH keys for Gerrit and Hudson": note that all parent directories of .ssh must not have write permission for the group or others: /home, /home/yourUser, /home/yourUser/.ssh.

In addition, you should never clone a gitolite repo with the full repo path: servername/home/gitolite/repositories/testing.git is incorrect (and completely bypasses gitolite).
servername:testing.git is right.

From the gitolite V2 doc:

The following problem indicates that your pubkey bypasses gitolite and goes directly to the shell:

git clone git@server:repositories/reponame (note the presence of repositories/ in the URL).

[The correct gitolite key will only allow you to git clone git@server:reponame (note the absence of repositories/)]

0
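
The checks from the two answers above (no group/other write permission on the account's home, .ssh and authorized_keys, and a forced command on every key), combined into one script. This is an added example, not part of the original answers or of gitolite itself; it assumes the `gl-auth-command` forced command shown in the first answer, and the function names and sample home directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): audit a gitolite account's SSH setup.

# True if the path is writable by group or others, which SSH refuses for key files.
loose_perms() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# List authorized_keys entries that lack the gl-auth-command forced command.
# Such a key gets a normal shell and bypasses gitolite's access control.
keys_without_forced_command() {
    awk '!/^[ \t]*#/ && !/^[ \t]*$/ &&
         !/^[^ ]*command="[^"]*gl-auth-command [^"]*"/ {
             print "line " NR ": " $1 " ... " $NF
         }' "$1"
}

# Audit <home>, <home>/.ssh and authorized_keys; returns 1 if anything is wrong.
audit_gitolite_ssh() {
    home=$1; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if loose_perms "$p"; then
            echo "LOOSE PERMS: $p (fix: chmod go-w)"; rc=1
        fi
    done
    bad=$(keys_without_forced_command "$home/.ssh/authorized_keys")
    if [ -n "$bad" ]; then
        echo "NO FORCED COMMAND in authorized_keys:"; echo "$bad"; rc=1
    fi
    return $rc
}

# Constructed sample home: group-writable .ssh, one gitolite key, one bare key.
make_demo_home() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 755 "$d" && chmod 775 "$d/.ssh"
    cat > "$d/.ssh/authorized_keys" <<'EOF'
# constructed sample keys
command="/home/gitolite/bin/gl-auth-command alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructedKEY1 alice@laptop
ssh-rsa AAAAconstructedKEY2 bob@desktop
EOF
    chmod 644 "$d/.ssh/authorized_keys"
    echo "$d"
}

# Demo run; on a real server call: audit_gitolite_ssh ~gitolite
demo=$(make_demo_home); audit_gitolite_ssh "$demo" || true; rm -rf "$demo"
```

On the sample it reports the group-writable .ssh directory and the key on line 3 that has no forced command; a clean account produces no output and exit status 0.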

Another thing to try: if AllowGroups is used for sshd on the server, check that the git user is included in one of these groups.

0

Source: https://habr.com/ru/post/1434713/