users are asked for password while using gitolite - gitolite

I have successfully created gitolite-admin.git repo on server (say) 10.107.105.13. I can clone this repo on my local machine (say) 10.14.42.7 by issuing git clone gitolite@10.107.105.13:gitolite-admin. I had to add some lines in .ssh/config file to make sure that correct private key is used.
Then I have added a user dilawar to conf/gitolite.conf file and an appropriate key dilawar.pub to keys folder. I have added and committed this commit to the gitolite-admin repo. I have also added one more entry in .ssh/conf file so that a correct private key is used. But when I try to do git clone dilawar@10.107.105.13:testing, gitolite asks for the password. I am under the impression that I do not have to create user dilawar on 10.107.105.13. I have checked by logging into server that repository testing.git exists as well public-key dilawar.pub has been added to .ssh/authorized_keys.
I have also tried ssh -vvvv dilawar@10.107.105.13 to check if the correct file is being offered. Here is my .ssh/conf file.
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/gitolite
Host 10.107.105.13
HostName 10.107.105.13
User dilawar
IdentityFile ~/.ssh/id_rsa
What am I doing wrong?

In your config file, I see:
User dilawar
That is wrong. ssh communication to a gitolite server is always done with the same account (here gitolite).
What changes is the private key used, which will help gitolite determine your identity.
What your ~/.ssh/config file should look like is:
Host admin
    HostName 10.107.105.13
    User gitolite
    IdentityFile ~/.ssh/gitolite
Host dilawar
    HostName 10.107.105.13
    User gitolite
    IdentityFile ~/.ssh/id_rsa
For cloning gitolite-admin, you would use:
git clone admin:gitolite-admin
For cloning a repo dilawar has access to:
git clone dilawar:aRepo
See more at "Gitolite: adding user not working, and DENIED by fallthru when cloning as root?".
See also "how gitolite uses ssh"
Adding your public key to the server's ~git/.ssh/authorized_keys file is how ssh uses pubkeys to authenticate users.
Let's say sita@work.station is trying to log in as git@server.
What you have to do is take the ~sita/.ssh/id_rsa.pub file for user sita on work-station and append its contents (remember it's only one line) to ~git/.ssh/authorized_keys for user git on server.
The authorized_keys file can have multiple public keys (from many different people) added to it so any of them can log in to git@server.

I have got it working by cloning the repository using the gitolite username.
git clone gitolite@server:repo
If keys are added successfully then further pull and push will go smoothly.
I am accepting VonC's answer as a better answer.

VonC's answer is the key, but I ran into an edge case that's worth mentioning for future searchers.
Even if you do everything else right, as in VonC's answer, a somewhat standard setting for ControlPath can mess things up.
I had two users in ~/.ssh/config, as below:
Host gitolite
    HostName <whatever>
    User git
    IdentityFile ~/.ssh/gitolite
Host username
    HostName <whatever>
    User git
    IdentityFile ~/.ssh/username
In theory, this should have allowed me to run git clone git@username:reponame, but the server kept thinking that I was trying to clone the repo as the gitolite admin (who does not have permission to clone that repo), rather than as the gitolite user (who does have permission to clone the repo).
The problem was that in my all hosts section, I had the following:
Host *
    # other stuff that doesn't matter
    ControlPath ~/.ssh/ssh-%r@%h:%p
If you don't see it right away (I didn't!), the problem is that the expansions for %r@%h:%p (= username@hostname:port) are identical for the gitolite and username entries. They're both git@hostname:port! Once I realized that, it was an easy fix. Simply add distinguishing elements into a more specific ControlPath entry for those two users. E.g.,
Host gitolite
    HostName <whatever>
    User git
    IdentityFile ~/.ssh/gitolite
    ControlPath ~/.ssh/gitolite-admin-%r@%h:%p
Host username
    HostName <whatever>
    User git
    IdentityFile ~/.ssh/username
    ControlPath ~/.ssh/gitolite-username-%r@%h:%p
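Added example (not part of the original answer): a small Python check for the ControlPath collision described above. It resolves each Host alias the way ssh does (the first value obtained for an option wins) and reports aliases that expand to the same control socket while using different IdentityFile values. The sample config and the host name git.example.org are constructed, and only the %r, %h, %p and %n tokens are expanded.

```python
import fnmatch
from collections import defaultdict
# Constructed sample modelled on the answer above; git.example.org is a placeholder.
SAMPLE = """
Host gitolite
    HostName git.example.org
    User git
    IdentityFile ~/.ssh/gitolite
Host username
    HostName git.example.org
    User git
    IdentityFile ~/.ssh/username
Host *
    ControlPath ~/.ssh/ssh-%r@%h:%p
"""

def parse(text):
    """Return [(host_patterns, {option: value})] in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "host":
            blocks.append((parts[1].split(), {}))
        else:
            blocks[-1][1].setdefault(parts[0].lower(), parts[1].strip())
    return blocks

def effective(alias, blocks):
    """ssh keeps the first value obtained for each option, so earlier blocks win."""
    opts = {}
    for patterns, block in blocks:
        if any(fnmatch.fnmatchcase(alias, p) for p in patterns):
            opts = {**block, **opts}
    return opts

def shared_sockets(text):
    """Return {expanded ControlPath: [aliases]} for aliases whose keys differ."""
    blocks, by_path = parse(text), defaultdict(dict)
    for alias in (p for pats, _ in blocks for p in pats if not set("*?!") & set(p)):
        o = effective(alias, blocks)
        path = o.get("controlpath", "none")
        for tok, val in (("%r", o.get("user", "")), ("%h", o.get("hostname", alias)),
                         ("%p", o.get("port", "22")), ("%n", alias)):
            path = path.replace(tok, val)
        by_path[path][alias] = o.get("identityfile")
    return {p: sorted(a) for p, a in by_path.items()
            if p != "none" and len(set(a.values())) > 1}
```

Because the first obtained value wins, a per-host ControlPath only takes effect if it appears before the Host * block. Adding %n (the alias as typed) to the global ControlPath also separates the sockets.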

I had to edit /etc/ssh/sshd_config and add git (the user) to the line which begins with AllowUsers.
Then I had to add git to a sysadmin group that was also allowed on sshd_config's line that begins with AllowGroups.
Don't forget to restart the ssh daemon with sudo service ssh restart.
Note: I didn't have to ssh-copy-id or add the public key to /home/git/.ssh/authorized_keys as suggested before (gitolite's developer recommends against this btw.)

I had the same problem, with a different solution because of my config. I set up my gitolite user as "git" so I needed to do git clone git@server:repo.git

Related

How to set ssh config for 2 different gitlab accounts?

I am setting up my ssh config for 2 different accounts in gitlab.
Host gitlab.com-roulette
    HostName gitlab.com
    User norayr.ghukasian
    IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_roulette
Host gitlab.com-devlix
    HostName gitlab.com
    User norayr.ghukasyan
    IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_devlix
I am getting a Permission denied error.
The strange thing for me is that the first one is working fine, therefore I think there is some tiny issue in my config that I am not aware of. I guess when the user or the server tries to connect, ssh automatically matches the first config with matched HostName.
How do I set it up properly to work for both of the accounts?
P.S. The Users are different - norayr.ghukasian and norayr.ghukasyan.
Following Use difference accounts on a single GitLab instance you would set up your configuration like so:
Host norayr.ghukasian.gitlab.com
    Hostname gitlab.com
    PreferredAuthentications publickey
    User git
    IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_roulette
Host norayr.ghukasyan.gitlab.com
    Hostname gitlab.com
    PreferredAuthentications publickey
    User git
    IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_devlix
Then to clone a repo as norayr.ghukasian user:
git clone git@norayr.ghukasian.gitlab.com:gitlab-org/gitlab.git
Using the username as the alias is not absolutely necessary. You can use a different alias if you wish and set it in the Host section of your ssh config.
Key takeaways:
The only thing that you need to tell GitLab who you are is the IdentityFile.
You can direct git/ssh to use a specific identity file by the alias you use for the host configured in the ssh config.

Using SSH to push to 2 different repos using the same account?

I have two repositories on one machine on the same account on Github. I've added an ssh key to my account and pushing to repository A succeeds but I can't push to repository B. SSH keys on github aren't associated to specific repos iirc.
A little research has led me to find out that I need two different keys. How do I edit my config file so that git uses the correct key when pushing to the second repo?
I got to the solution by modifying the .ssh/config file to append this
Host repo2.github.com
    User git
    Port 22
    Hostname github.com
    IdentityFile ~/.ssh/id_rsa2
    TCPKeepAlive yes
    IdentitiesOnly yes
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
and then adding by appending the following in the .git/config file
[remote "origin"]
    url = git@repo2.github.com:[Username]/G2-FrontEnd.git
    fetch = +refs/heads/*:refs/remotes/origin/*

Password for GitLab

I've installed GitLab per https://github.com/gitlabhq/gitlab-recipes/tree/master/install/centos.
The instructions state to add user "git"
adduser --system --shell /sbin/nologin --comment 'GitLab' --create-home --home-dir /home/git/ git
All seemed to work. I then added a project on the GitLab server, and it gave instructions to push to it:
cd existing_git_repo
git remote add origin git@mysite.com:root/bidjunction.git
git push -u origin master
I then went to my client to push to the git server.
[Michael@devserver bidjunction]$ git push -u origin master
The authenticity of host 'mysite.com (123.456.789.01)' can't be established.
RSA key fingerprint is cd:32:3c:5a:4e:33:44:11:df:ee:3s:4b:3a:c2:a4:c2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mysite.com,123.456.789.01' (RSA) to the list of known hosts.
Address 123.456.789.01 maps to ve6.phpwebhosting.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
git@mysite.com's password:
Is there a password I should have set? Probably not, and instructions don't address.
Reading System ask password when push project to github, it appears it might be related to SSH.
GitLab provides the following instructions to add a SSH key. I followed them, and first added the key to my general user's home on the server. No change. Then tried logging on a root, and added a key to git's home. Still none, but I am thinking that the client already has my general user's key, thus is not pulling the new git key.
EDIT. Please confirm that I should add these keys to the GitLab server, and not my Linux client.
Any and all help would be very much appreciated.
SSH Keys
SSH key allows you to establish a secure connection between your computer and GitLab
Before generating an SSH key, check if your system already has one by running cat ~/.ssh/id_rsa.pub. If you see a long string starting with ssh-rsa or ssh-dsa, you can skip the ssh-keygen step.
To generate a new SSH key just open your terminal and use code below. The ssh-keygen command prompts you for a location and filename to store the key pair and for a password. When prompted for the location and filename you can press enter to use the default. It is a best practice to use a password for an SSH key but it is not required and you can skip creating a password by pressing enter. Note that the password you choose here can't be altered or retrieved.
ssh-keygen -t rsa -C "$your_email"
Use the code below to show your public key.
cat ~/.ssh/id_rsa.pub
Copy-paste the key to the 'My SSH Keys' section under the 'SSH' tab in your user profile. Please copy the complete key starting with ssh- and ending with your username and host.
EDIT 2
Looks like I was confused, and used GitLab's server id_rsa.pub. Guess that doesn't make any sense! I've since corrected it, but now I get this error:
[Michael@devserver ~]$ ssh git@mysite.com
Address 123.456.789.01 maps to ve6.phpwebhosting.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
PTY allocation request failed on channel 0
This account is currently not available.
Connection to mysite.com closed.
[Michael@devserver ~]$
Seems like a SELinux permission issue. Steps to follow:
restorecon -R -v /home/git/.ssh
usermod -s /bin/bash git
Edit your home machine user's .ssh/config to something like:
Host mysite.com
    User gitlab_username
    Hostname mysite.com
    PreferredAuthentications publickey
    IdentityFile /home/user/.ssh/id_rsa
Try connecting to the gitlab server ssh -T git@mysite.com. You should see a message welcoming you.
I added it to the installation guide. I have a merge request ready with several enhancements. I will merge it when gitlab 6.8 is released.
I believe you need to set up your global config username and email
$ git config --global user.name "John Doe"
$ git config --global user.email johndoe@example.com
Check if the git user has a no login shell as you specified. Changing that to bash as suggested fixed my problem (usermod -s /bin/bash git).

GIT Pull from Remote Origin Ignoring SSH Keys - Asks For Password

The basic problem is that every time I execute a git pull, I am asked for a password.
Servers
I have a 2-server setup. Server1 hosts the git remote origin. Both server1 and server2 pull from that server1 origin into their web-accessible folders.
Users
The same 2 users are on both servers: an admin user and a file user. The admin user has the ability to behave as root, and the file user owns the files. Both users belong to the same group. The file user and the group own the web-accessible files, and, on server1, the remote origin files.
SSH
The server1admin, server2admin, and the server2file users have been set up to ssh using public keys as server1file user, and if I try to ssh directly from the command line, everything works as expected.
GIT
On server1, the git origin is /git_repos/repo.git
On server2, the git origin is ssh://server1file@server1/git_repos/repo.git
The Problem, Rephrased
When I am logged into server2 as server2admin and execute git pull, I'm asked for the server1file user's password, and I don't know why.
Curiously enough, if I change the origin on server2 to ssh://server1admin@server1/git_repos/repo.git, I am asked for the server1admin user's password.
Any ideas about what I should look at to figure out why a password is necessary?
Try running the command ssh-add on server 2.
While I'm not sure why, adding server1file and server1admin users to server2file user's authorized_keys file fixed the issue.

how to add deploy key for 2 repo with 1 user on github

I created a deploy user, generated an ssh_key, and added id_rsa.pub as a GitHub deploy key.
This deploy user needs to pull 2 repos, so I added the same ssh_key to another repo as a deploy key.
But GitHub tells me the deploy key is already in use.
And I don't know how to add 2 id_rsa.pub for 1 user.
Update:
I added an additional id_rsa_assets, but I still cannot pull.
ssh-add .ssh/id_rsa_assets
Could not open a connection to your authentication agent.
.ssh/config
Host guardians
    Hostname github.com
    User git
    IdentityFile ~/.ssh/id_rsa
Host assets
    Hostname github.com
    User git
    IdentityFile ~/.ssh/id_rsa_assets
You can create two public/private keys with whatever name you want:
~/.ssh
    repo1
    repo1.pub
    repo2
    repo2.pub
    config
(I.e. it doesn't have to be named id_rsa(.pub) to work, provided you indicate to ssh where to look.)
That is where 'config' comes into play: the config file includes the name of your two connections for GitHub repo1 and GitHub repo2 with, for each connection, the path to your private repo key, as described in "change github account mac command line" and in "Quick Tip: How to Work with GitHub and Multiple Accounts":
Host githubRepo1
    HostName github.com
    User git
    IdentityFile ~/.ssh/repo1
Host githubRepo2
    HostName github.com
    User git
    IdentityFile ~/.ssh/repo2
That way you can pull from any of the two repos, as long as you are using their ssh addresses.
