Git server that allows you to pull and push without a private key

On an Ubuntu 12.04 machine, I installed a git server following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-git-server-on-a-vps

Even after adding pub keys to the authorized_keys file, anyone who does not have a private key can clone and push new commits to the server. What can cause this problem?

+6
3 answers

You can get a detailed trace of your ssh connection using a small script and specifying GIT_SSH so that this script is used when git connects to your server.

#!/bin/sh
# Run ssh verbosely, passing git's arguments through unchanged
exec ssh -v "$@"

and export GIT_SSH=$HOME/ssh-debug, or whatever you call this file. The -v flag enables verbose messages from ssh, and you can see which stage allows the connection to be established. When testing this on my server, I see that it is trying to download various keys and then requests a password to unlock the key file. If I give a bad password, it will continue to verify the password on the server. You may have allowed passwords with an empty password to be logged in to your git account, which then allows someone. However, I believe that verbose ssh logging should identify the problem.

The above script also works with Windows clients. Just use set GIT_SSH=c:\pathwithoutspace\ssh-debug if you are using the cmd shell.

0

Your SSH server probably allows logins with username and password. This can be disabled like this, that is, through PasswordAuthentication no in sshd_config on the server.

Update: Many people think that there is something like "git administration." Usually this does not happen. Git administration mainly consists of the SSH daemon configuration and any configuration that the SSH server uses only Git when using the SSH protocol.

0
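The check these answers point to, as an added example that is not part of the original answers: a shell script that reads an sshd_config and reports whether password logins, and empty-password logins, are still allowed alongside the keys. The function names effective_value and audit_sshd and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings named in the answers.
# For each keyword sshd uses the FIRST value it reads; keyword names are
# case-insensitive. Match blocks are not evaluated here; on the server itself,
# `sshd -T` prints the authoritative effective configuration.

# effective_value FILE KEYWORD DEFAULT -> value from the global section
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { val = $2; exit }    # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_sshd FILE -> prints findings; exit status is the number of findings
audit_sshd() {
    findings=0
    pw=$(effective_value "$1" PasswordAuthentication yes)  # OpenSSH default: yes
    empty=$(effective_value "$1" PermitEmptyPasswords no)  # OpenSSH default: no
    if [ "$pw" != "no" ]; then
        echo "FINDING: PasswordAuthentication=$pw, login does not require a key"
        findings=$((findings + 1))
        if [ "$empty" = "yes" ]; then
            echo "FINDING: PermitEmptyPasswords=yes, empty-password accounts can log in"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample configs (not from the page): keys were added but the
# password settings were left alone, versus a key-only configuration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PubkeyAuthentication yes' 'PermitEmptyPasswords yes' > "$tmp/weak"
printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication no' \
    '# constructed duplicate: ignored because the first value wins' \
    'PasswordAuthentication yes' > "$tmp/hardened"

for f in weak hardened; do
    echo "== $f"
    audit_sshd "$tmp/$f" || echo "-> $? finding(s)"
done
```

Adding a public key to authorized_keys only adds a login method; the first sample shows why a server with no PasswordAuthentication line still accepts passwords.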

You disable SSH with a password for all users. If it uses standard git SSH formatting, it is just SSH with the git user, and if for some reason it does not enter the git user password when pushing / pulling, it will do nothing but disable SSH for any other users that can use a password.

0

Source: https://habr.com/ru/post/976131/

