All geek questions in one place

Like Github, Gitlab, Gitosis, etc. Know which user is logged in?

I asked myself how these git hosting tools / sites know which user is logged in.

I mean, you log in via SSH git@github.com /... and that means you log in as a git user

and the only information that reliably identifies you as your real user is your public key. But how do they know your login key?

One way to do this is to look at the log file specified in this question:

Can I find out which ssh key was used to access my account? https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account

but that means you have to install loglevel in VERBOSE, but I have a Gitlab installation, and loglevel is in INFO and not being overwritten in sshd_config anywhere.

so briefly: if you go to Github or gitlab via SSH it tells you:

ssh git @ github.com Failed to distribute PTY distribution on channel 0

Hi USERNAME! You have successfully authenticated, but GitHub does not provide shell access.

Connection to github.com is closed.

but how does github know that I am USERNAME when I log in as git?

EDIT:

I know that there is a comparison between my key and my account, but the gitolite (or (for example) the gitolit shell must somehow find out my public key, how is this key delivered to the gitolit shell of the legs?

Somehow I need to find out the ssh-public-key that is used in this session, this is the key to my question, how does it know which ssh-key is used to log into the system

+4
source share
3 answers

As for githolite (which replaces obsolete githoz), he knows who you are because you registered your identifier with your open ssh ket in the gitolite server ~git/.ssh/authorized_keys file.

See " How do programs like guitarolite work?"

This file contains lines like:

 command="[path]/gitolite-shell sitaram",[more options] ssh-rsa AAAAB3Nt...

This means that the ssh session will invoke gitolite-shell with a parameter representing your identifier.

This has nothing to do with the config user.name you use for your commits.
It has everything related to the authentication mechanism (https or ssh) that you use, which is then passed by authorization level, for example gitolite .

GitHub has its own authorization level (different from gitolite), but the idea is the same (the login is associated with the ssh public key).

+4
source

he knows because of your SSH key, but in the declaration USERNAME is taken for local git configuration. Thus, all commits from one key will be assigned to your account, but the name that appears in the commits can be any.

your key is added on the github server to the user git.ssh, then on the push hook it checks the key against the user of the real github user

+1
source

ok, I figured this out with your posts:

The gitol shell (and probably a similar path in gitlab) knows which user I am due to SSH Force commands

So, you can define the command that is executed after logging in , depending on your public key

exactly what VonC said, but didn’t indicate clearly enough for me: D

command = "[path] / gitolite-shell sitaram", [more options] ssh-rsa AAAAB3Nt ..

this line means call the gitolit shell with the sitaram IF parameter if the user logs in with a specific SSH key ssh-rsa AAAAB3Nt..

and I looked at authorized_keys in my gitlab and voila installation: command="/home/git/gitlab-shell/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3Nz...

+1
source

Source: https://habr.com/ru/post/1495103/

More articles:


All Articles