Gitolite git clone requires ssh password

花落未央 2021-02-10 22:34

Using Gitolite on an Ubuntu server. Have a project I'm working on that I need a particular syntax for the git command.

Works great:

git clone gitolite@serv         


        
3 Answers
  • 2021-02-10 23:14

    You need to set up ~gitolite/.ssh/authorized_keys with a line like

    command="/home/gitolite/bin/gl-auth-command <USERNAME>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA...KEY.HERE...ZZZZ== user@label
    

    A random URL with info relating to this (see the bottom of the page)

    http://www.geekgumbo.com/2011/10/18/ssh-and-the-gitolite-installation-part-2/

    Ensure to change ownership of ~gitolite/.ssh/authorized_keys as per SSH requirements with:

    chown gitolite: ~gitolite/.ssh/authorized_keys
    chmod go-w ~gitolite/.ssh/authorized_keys
    

    EDIT: to reflect your edits changing 'git' to 'gitolite' system username.

    Test your access from the client with:

    ssh -l gitolite -i <file_id_rsa_foobar> -v -o PasswordAuthentication=no -T <host>
    

    Adding -T seems to be needed on my local system to get the banner (typed in, excuse mistakes):

    ....
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/username/.ssh/id_rsa_foobar
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering DSA public key: /home/username/.ssh/id_dsa_foobar
    debug1: Remote: Forced command: /home/gitolite/bin/gl-auth-command <username>
    ....
    hello <username> this is gitolite vX.X.XX-g0123abcd running on git X.X.X
    the gitolite config gives you the following access:
        R   W    mydir/project1
    ....
    
  • 2021-02-10 23:16

    Yet another thing to try: if AllowGroups is in use for the sshd on the server, check that the git-user is included in one of those groups.

  • 2021-02-10 23:22

    If the first version works, that means the public keys have been published under the account named 'gitolite': ~gitolite/.ssh/authorized_keys.

    The permission issue you have encountered is described here: "Creating SSH keys for Gerrit and Hudson": note that all the parent directories of a .ssh shouldn't have write permission for group or other: /home, /home/yourUser, /home/yourUser/.ssh.

    Plus, you shouldn't ever clone a gitolite repo with the full path of the repo: servername/home/gitolite/repositories/testing.git is wrong (and would bypass gitolite completely).
    servername:testing.git is right.

    From the gitolite V2 doc:

    The following problem(s) indicate that your pubkey is bypassing gitolite and going straight to a shell

    running git clone git@server:repositories/reponame (note presence of repositories/ in URL) works.

    [A proper gitolite key will only let you git clone git@server:reponame (note absence of repositories/)]

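An added example (not part of any answer above, and not gitolite's own code): a small Python audit of an authorized_keys file that flags keys not pinned to the `gl-auth-command` forced command from the first answer, which is the "pubkey is bypassing gitolite" condition the third answer quotes, and keys missing the forwarding/pty restrictions. The key lines, user names and the `audit_keys`/`split_options` names are constructed for illustration.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
RESTRICT = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")

# Constructed sample: alice and dave are confined, bob and carol are not.
SAMPLE = '''
command="/home/gitolite/bin/gl-auth-command alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed alice@laptop
ssh-rsa AAAAconstructed bob@desktop
command="/home/gitolite/bin/gl-auth-command carol",no-pty ssh-rsa AAAAconstructed carol@build
restrict,command="/home/gitolite/bin/gl-auth-command dave" ssh-ed25519 AAAAconstructed dave@vm
'''

def split_options(line):
    """Split one authorized_keys line into (options, key part), honouring quotes."""
    if line.startswith(KEY_TYPES):
        return [], line                        # bare key: no options at all
    opts, cur, quoted = [], "", False
    for i, c in enumerate(line):
        if c == '"' and not cur.endswith("\\"):
            quoted = not quoted                # unescaped quote opens/closes a value
        if quoted or c not in ", \t":
            cur += c
            continue
        opts.append(cur)
        cur = ""
        if c != ",":                           # unquoted whitespace ends the options
            return opts, line[i:].strip()
    return opts + [cur], ""

def audit_keys(text, helper="gl-auth-command"):
    """Return {key comment: [problems]} for key lines not confined to gitolite."""
    findings = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            continue
        opts, rest = split_options(line)
        names = {o.split("=", 1)[0].lower() for o in opts}   # sshd matches names case-insensitively
        cmd = "".join(o for o in opts if o.lower().startswith("command="))
        problems = []
        if helper not in cmd:
            problems.append("no forced gitolite command")    # key reaches a normal shell
        if "restrict" not in names:            # OpenSSH "restrict" implies all four options
            problems += ["missing " + r for r in RESTRICT if r not in names]
        if problems:
            findings[(rest.split() or ["?"])[-1]] = problems
    return findings

if __name__ == "__main__":
    for who, problems in audit_keys(SAMPLE).items():
        print(who, "->", "; ".join(problems))
```

On a server, pass the contents of ~gitolite/.ssh/authorized_keys to `audit_keys` instead of `SAMPLE`; any key reported with "no forced gitolite command" is one that would let `git clone` work with a `repositories/` path.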