I have a Plan , I am create some user on my server but I want give them restrict for access our Server like
that user can use git like (push,pull,clone,ect)
that user cannot login ssh
that user can be use sftp for manage project using ftp or sftp client, and cannot access(read,write,execute) filesystem directory . only project folder can they accesed.
I know git need ssh for do it git system.it's look weird question, it's possible using git like I mean ?
Well, you may use git-shell as a shell for git-only user (see man git-shell). Regarding sftp newer OpenSSH has ChrootDirectory directive, see http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP#Chrooted_SFTP-only_Accounts
Related
git#domain already exists in my university network.
However, the Ubuntu 18.04 server that host git#domain is very unstable.
So I wished to set up a Debian server and install with Git.
Can I use hostname other than git to setup Git server?
It is necessary to create git user account for Git server to work?
Because I read many guides[1][2][3], all of them ask to run adduser git command.
It is recommended to create a dedicated account (for security reason as commented)
However, nothing in Git involves a specific user name.
And git#aserver can be seen as an SSH URL, which means there would not even be a "Git server", but simply an sshd (SSH daemon) listening for queries in order to access repositories owned by that account( be it named 'git' or any other name)
I have a file on my desktop that I need to FTP to a server. As I've been navigating this server, I need to login with initial credentials to access the box and then needed to run sudo -u [username] ksh to access the folder I need. (No password)
In Filezilla however, I only enter credentials once and therefore, don't have the option to sudo as the user and get permissions to the folder.
Am I going about this process wrong and if so, what's the usual way to do this?
There is no way to switch user on the ftp protocol. You need to know the correct credentials in the first place.
The closest you could come would be to ftp the files to a directory you do have access to, log in with a shell, and then move the files using shell commands after switching user.
System environment :
Server: Centos 6.2
Client: Windows + TortoiseSVN + putty
I have installed subversion in centos, created repository on server, and configured svn+ssh access way using key authentication. Everything works fine.
But I have a question about svn user using svn+ssh mode.
The svn user have a ssh key, so he can access subversion server and of course he can also access Centos server by SSH using the key authentication. Further, he can copy subversion repository files(Specifically /db files) from centos server using like WinSCP tool base on SSH.
So, I wanna know if there is a way that let the svn user just can access svn repository via svn+ssh and can't copy repository files from centos directly via ssh accessing?
If he can copy repository files from centos server via ssh, I think the svn access control realized by conf/authz file doesn't make any sense and svn repository isn't safe.
I just learn how to create a svn+ssh subversion server, so maybe my knowledge isn't enough, please give me a idea or just tell me whether a solution exists.
If can't prohibit copying files from Linux server via SSH, I will use svn or http(s) access mode.
Thank you!
I found a way to solve this problem.
add command into authorized_keys file to disable ssh shell login and scp, but enable svn+ssh, like this:
"/usr/bin/svnserve -t -r /svn/test/",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding
after add your authorized_keys file will like this:
command="/usr/bin/svnserve -t -r /svn/test/",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa A......................................................................
I think this is one solution, do your have others? Please let me know.
Anybody know how to checkout, clone, or fetch project or code from a git remote repository on a Windows server?
Repository IP is: xxx.xx.xxx.xx, source file directory is c:\repos\project.git
I am used to the command line interface from a SUSE Linux terminal. I have tried the same kind of method but it always replies that
fatal: ''/repo/project.git'' does not appear to be a git repository
fatal: Could not read from remote repository..
Please make sure you have the correct access rights
Can anyone tell me how to setup and clone?
You have to set up some kind of sharing from the windows machine, that you can access with git. Git supports 3 access methods: ssh, remote filesystem or http. The last one is probably most complicated, so I won't detail it. The first two are:
Set up ssh server on windows.
You can try this guide: http://www.timdavis.com.au/git/setting-up-a-msysgit-server-with-copssh-on-windows/. See also this question for some more options.
Than you clone by git clone username#xxx.xx.xxx.xx:/c/git/path/to/repo (you will be asked for password).
Advantage of this method is that it's secure (connection is encrypted and ssh server is trustworthy), so you can use it over internet. Since git server is running on the windows machine during access, you can set up hooks for advanced security policy, controlling other processes and such.
Share the repository using windows sharing.
Than on the linux host, you need to mount the share with smbmount. That might require username and password, depending on how you set the permissions.
Than you clone by git clone /share/mountpoint/path/to/repo.
This is probably easier to set up, but it is not very secure, so it shouldn't be used outside local network. Also in this case hooks on the windows machine won't be executed (in fact git will try to execute them on the Linux machine, but they either won't run there or can be bypassed anyway), so you can't apply advanced security.
A particular file is not relevant, you need to give path to the directory containing .git subdirectory or to the directory that is a bare repository (path/to/repo above).
First of all, the git repository is just a bunch of files you need to access. You wrote about cloning and fetching repository, and this is easy part - you just need to access the files (and have read rights).
It can be done by direct access to filesystem, by http(s) protocol, or by ssh connection. Actually, there is even a way to do it by ftp server.
What you can do:
1) set the ssh server, then access the git files via ssh server - actually, the path you should use depends on the ssh server you use on windows: source
2) set the web server to access the file:
git clone http://host/path/to/repo
3) mount filesystem from windows on your linux machine and clone repo:
git clone /mnt/filesystem/path/to/repo
Despite the method you choose I suggest to consult the apropriate chapter from Pro Git Book
I am the CM person for a small company that just started using Git. We have two Git repositories currently hosted on a Windows box that is our all-purpose Windows server. But, we just set up a dedicated server for our CM software on an Ubuntu Linux server named "Callisto".
So I created a test Git repository on Callisto. I gave its directory all of the proper permissions recursively. I had the sysadmin create a login for me on Callisto, and I created a key to use for logging in via SSH. I set up my key to use a passphrase; I don't know if that could be contributing to my problems? Anyway, I know my SSH login works because I tested it through puTTY.
But, even after hours of trials and head scratching, I can't get my Windows Git bash (mSysGit) to talk to Callisto for the purposes of pushing or pulling Callisto's git repository files.
I keep getting "Fatal error. The remote end hung up unexpectedly." And I've even gotten the error that Git doesn't recognize the test repository on Callisto as a git repository. I read online that the "Fatal error...hung up unexpectedly" is usually a problem with the server connection or permissions. So what am I missing or overlooking here? And why doesn't a pull using the git:// protocol work, since that only uses read-only access? Group and public permissions for the git repository's directory on Callisto are set to read and execute, but not write.
If anyone could help, I would be so grateful. Thank you.
If you use putty/pageant, check if your host is in the know_hosts file in
docssettings/userdir/.ssh
If not, try putty first and accept the key your server provides.
Do you have similar lines in .git/config?
[remote "origin"]
url = ssh://user#server/.../repo.git
I have only passing familiarity with mSysGit, but I don't think it installs an ssh client. Without the ssh client, git cannot connect to the server. (This functionality isn't baked into git as per the Unix philosophy.) As for the git protocol, unless the server has that enabled, it won't work. Since it seems you have the server setup for ssh access, I doubt you'll get anywhere with the git protocol.
Anyway, I know my SSH login works
because I tested it through puTTY.
Have you confirmed that you can SSH to the server from your msysgit client?
i.e. what happens when you ssh user#callisto.com from the msysgit command line?
For further details about setting up your git server, you may want to review Pro Git: Chapter 4 "Git on the Server".
And why doesn't a pull using the
git:// protocol work, since that only
uses read-only access?
For the git protocol to work, you must setup the git daemon on your server as described in Chapter 4.9 of Pro Git.
You may also want to take a look at this answer to a related SO question. It has a more detailed checklist of things to consider.