Make gitosis-admin git repository secure - security

I installed gitosis on my Ubuntu 10.4 Server via
apt-get install gitosis
Then I initialized the admin repository with
sudo -H -u gitosis gitosis-init < nameOfThePublicKeyFile
After this I thought that the admin repository is only clonable for clients that offer the private key that fits the public key file of the repository. So just to be sure, I tested if it is possible to clone the repository without the private key or with a false private key. Unfortunately and surprisingly it worked.
I tested this with TortoiseGit on Windows.
Therefore my question is:
How can I secure my repositories, so that they can only be cloned if I provide the correct private key.
Did I skip an important step in the installation process or anything?
Thanks for any help!

I think I found the error and it has nothing to do with gitosis.
I found out that my TortoiseGit client on Windows somehow caches the correct private key file of a git connection if it cloned a repository successfully once, even if I provide a wrong key file afterwards. (I don't know where it saves it, but I saw it in the config file that is created by TortoiseGit when a repository is cloned.)
I tried to clone my repository with another Windows computer, just to be sure that it is only a caching problem. And voilà, this other computer that never saw my private key file could not clone the repository.

It is always useful, when the GUI fails (here TortoiseGit) to revert to the CLI (msysgit or git itself) to see if the issue persists.
You saw that it might be related to an authentication cache problem within TortoiseGit, and bug 659 does illustrate that cache problem.
The other option would be trying to use a 'config' ssh address, i.e. an ssh address based on an ssh config file (where you can reference explicitly the name of the private key to use for that connection).
See as an example "NBGit to remote host with ssh" or "git + assembla + multiple ssh keys/multiple computers".

Related

Git: How to change password of credentials used to clone a repository

I am working on linux and I clone a private repository using my github account credentials. But over the period of time my password has changed for github and whenever I try to use git pull it is giving me an error
remote: Invalid username or password.
How can I change the password which I used while cloning the repository for the first time?
You can issue a git remote -v and check what kind of auth you are using. I always use git protocol (which uses SSH). You can freely edit those remote urls in the .git/config file. I believe you cloned it using HTTP (or using SSH w/o .ssh key file being present).
If you want to use SSH, you can follow this: https://help.github.com/articles/generating-ssh-keys
Then you will never need to worry about passwords again.

Only one user can push/pull to github

I have two CentOS servers that are set up the same. I created a git repo on server A and pushed it to github. I then cloned the repo on server B. At first, all seemed to be in order. I could commit on either server, push to the remote, and then pull on the other server.
The problem is that my co-workers now cannot push or pull on server B (they can run git status or commit). Strangely, this applies to ALL repos on server B, not just the one I cloned. Here is the error they see:
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I checked that they are in the collaborators lists (both as owners and on the team assigned to the repo).
I also tried changing to the root user and cloning the repo again--as root I received the same error as above. The global .gitconfig does not reference my user or key, and the local .git/config files are set to use SSH (git@github.com).
What would cause this error to happen for all users but one? Where else should I be looking?
Add '-v' to your git command as you run it to get more verbose output, that should tell you what's wrong.
I did resolve this issue. I found the problem by running ssh -T -vvv git@github.com which showed different keys being used for my user vs. the other users on the server. The key being used generally was not tied to a user in our github account. The fix:
Generated a new SSH key
Added key to shared user on github account
Updated .ssh/config to use the new key when accessing github.com
I am not certain how the SSH key got messed up, because it worked before. But this fixed it.
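Both this thread and the 'config' ssh address suggested in the first one come down to which private key OpenSSH actually offers for a host. The following check is an added example, not code from any of the posts: it resolves the effective IdentityFile and IdentitiesOnly settings for a host alias and flags hosts where a key is named but IdentitiesOnly is not enabled, in which case ssh may also offer identities held by ssh-agent. The github.com block and its key file name are constructed, and Match blocks are not evaluated.

```python
import fnmatch
import re
# The labbox block follows the one quoted on this page; the github.com block is constructed.
SAMPLE_CONFIG = """\
Host labbox
    Hostname 10.1.1.10
    IdentityFile /home/cwerness/.ssh/id_rsa
Host github.com
    IdentityFile ~/.ssh/id_shared_example
    IdentitiesOnly yes
"""

def parse_blocks(text):
    """Split ssh_config text into (host_patterns, [(key, value), ...]) in file order."""
    blocks = [(["*"], [])]             # options before any Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:                      # blank line, comment, or keyword without a value
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), []))
        elif key == "match":
            blocks.append(([], []))    # never matches: Match blocks are out of scope here
        else:
            blocks[-1][1].append((key, value))
    return blocks

def applies(patterns, host):           # a negated pattern (!name) vetoes the whole block
    pos = any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))
    neg = any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!"))
    return pos and not neg

def effective(text, host):
    """Return (identity_files, identities_only) for a host alias."""
    files, only = [], None
    for patterns, options in parse_blocks(text):
        if not applies(patterns, host):
            continue
        for key, value in options:
            if key == "identityfile":  # IdentityFile entries accumulate
                files.append(value)
            elif key == "identitiesonly" and only is None:
                only = value.lower() == "yes"   # first obtained value wins
    return files, bool(only)

def audit(text, hosts):                # hosts that name a key but do not pin it
    return [h for h in hosts if effective(text, h)[0] and not effective(text, h)[1]]
```

To see which key is really offered on a live connection, the ssh -T -vvv output mentioned in the answer remains the authoritative check.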

gitlab error - the remote end hung up unexpectedly

I installed Gitlab on my Ubuntu successfully (gitlab.domain.com). On a client PC I installed Git (Windows 7), then ran Git Bash to generate SSH keys with the command: ssh-keygen -t rsa -C "username@domain.com" to create private/public keys in C:\Users\AccountName.ssh
Then, add public key to profile on installed gitlab. Then can clone/push on Git Bash.
However, I can not reproduce this on other PCs, I tried some PCs, created new users, new ssh keys...
but always encounter that error "The remote end hung up unexpectedly", sometimes can clone but also get that error when pushing.
I can only clone/push on first PC. I'm so confused, don't know what I missed. I'm trying to get my team on Git
Thanks a lot for any advice
Make sure you are pointing it at the correct git server. Also - login on your Jenkins server (Under the jenkins user) and ssh to git@your-git-server and make sure to select 'yes' to add the server to your known hosts.
I had the same error and it was an access-level problem :
my user only had guest access to my project so it wasn't able to clone it. I changed the access level to developer and it solved my problem

Installing git repository on Oracle Enterprise Linux 5 -- SSH problems

I have been banging my head against a wall for a while now, and none of the people in my immediate vicinity know more than I do at this point.
My office has a lab box that they want to use for a central git repository -- mainly for testing various things. They also, of course, want me to get some experience setting up git so that we can possibly set up other git instances later.
I am running Windows 7 with an OEL 5.7 VM, and the box is running OEL 5.5. From my VM, I SSHed into the lab box and started tinkering. After installing git and gitosis, I have managed to get the instance working locally. I can see the git repository just fine, and if I try to clone it locally, it all works like a dream. But if I try to SSH in from my VM, it either A.) kicks me out with fatal: 'testproject.git' does not appear to be a git repository or B.) kicks me out with Permission denied (publickey,gssapi-with-mic), depending on how I invoke git.
Example: I configured the access to a test project I created (and tested locally) as follows:
[group team]
writable = testproject
members = oracle@RCSDB cwerness cwerness@localhost cwerness@localhost.localdomain
This is my first experience setting up a git repository, so I wanted to cover my bases regarding remote users. Thus, the redundancy in the members section.
When I try to clone the repository with my username only, I get
[cwerness@localhost Desktop]$ git clone cwerness@10.1.1.10:testproject.git
Cloning into testproject...
Enter passphrase for key '/home/cwerness/.ssh/id_rsa':
fatal: 'testproject.git' does not appear to be a git repository
fatal: The remote end hung up unexpectedly
If, however, I try to clone the repository with more information, I get
[cwerness@localhost Desktop]$ git clone "cwerness@localhost.localdomain"@10.1.1.10:testproject.git
Cloning into testproject...
Permission denied (publickey,gssapi-with-mic).
fatal: The remote end hung up unexpectedly
I have all the public keys stored in the /keydir folders. The repository was created and is owned by the user oracle, and I have tried all permutations of that user and its domain in the above clone commands as well, to no effect. Additionally, I tried setting up a ~/.ssh/config file like this
Host labbox
Hostname 10.1.1.10
User cwerness
IdentityFile /home/cwerness/.ssh/id_rsa
Again, I tried all the different ways to connect, from both users. Nothing is giving me any more information than I already had.
The box is set up to authenticate SSH connections via public keys, and that works fine. I can SSH into the box as cwerness with no problems.
This is getting to be a huge headache for me, and I'd like it if someone could tell me exactly HOW I am being stupid, if not a way to fix this problem.
git clone cwerness@10.1.1.10:testproject.git will look in the home directory for the user cwerness but you state you put the repository in /home/oracle/repositories. Try git clone cwerness@10.1.1.10:/home/oracle/repositories/testproject.git.
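The group section in the question lists several spellings of one user because it is unclear which name gitosis will match. As an added example (not from the question or the answer), this check reads a gitosis.conf, reports what a given member name may do, and lists members that have no key file, assuming the gitosis convention that a member name is the name of a file in keydir without the .pub suffix. The reviewers group and the keydir listing are constructed.

```python
import configparser

# "group team" is the section from the question; everything else is constructed.
SAMPLE_CONF = """\
[group team]
writable = testproject
members = oracle@RCSDB cwerness cwerness@localhost cwerness@localhost.localdomain
[group reviewers]
readonly = testproject
members = auditor@example
"""
SAMPLE_KEYDIR = ["oracle@RCSDB.pub", "cwerness@localhost.pub"]  # constructed listing

def load_groups(conf_text):
    """Return {group_name: {"members": [...], "writable": [...], "readonly": [...]}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    groups = {}
    for section in cp.sections():
        if section.startswith("group "):
            groups[section[len("group "):].strip()] = {
                opt: cp.get(section, opt).split()
                for opt in ("members", "writable", "readonly")
                if cp.has_option(section, opt)}
    return groups

def access_for(conf_text, member):
    """Map repo -> 'writable' or 'readonly' for one member name; writable wins."""
    access = {}
    for group in load_groups(conf_text).values():
        if member not in group.get("members", []):
            continue
        for repo in group.get("readonly", []):
            access.setdefault(repo, "readonly")
        for repo in group.get("writable", []):
            access[repo] = "writable"
    return access

def members_without_key(conf_text, keydir_files):
    """Members named in any group that have no <member>.pub file in keydir."""
    keyed = {name[:-len(".pub")] for name in keydir_files if name.endswith(".pub")}
    listed = {m for g in load_groups(conf_text).values()
              for m in g.get("members", []) if not m.startswith("@")}  # skip @group refs
    return sorted(listed - keyed)
```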

How can I get git to work with a remote server?

I am the CM person for a small company that just started using Git. We have two Git repositories currently hosted on a Windows box that is our all-purpose Windows server. But, we just set up a dedicated server for our CM software on an Ubuntu Linux server named "Callisto".
So I created a test Git repository on Callisto. I gave its directory all of the proper permissions recursively. I had the sysadmin create a login for me on Callisto, and I created a key to use for logging in via SSH. I set up my key to use a passphrase; I don't know if that could be contributing to my problems? Anyway, I know my SSH login works because I tested it through puTTY.
But, even after hours of trials and head scratching, I can't get my Windows Git bash (mSysGit) to talk to Callisto for the purposes of pushing or pulling Callisto's git repository files.
I keep getting "Fatal error. The remote end hung up unexpectedly." And I've even gotten the error that Git doesn't recognize the test repository on Callisto as a git repository. I read online that the "Fatal error...hung up unexpectedly" is usually a problem with the server connection or permissions. So what am I missing or overlooking here? And why doesn't a pull using the git:// protocol work, since that only uses read-only access? Group and public permissions for the git repository's directory on Callisto are set to read and execute, but not write.
If anyone could help, I would be so grateful. Thank you.
If you use putty/pageant, check if your host is in the known_hosts file in
docssettings/userdir/.ssh
If not, try putty first and accept the key your server provides.
Do you have similar lines in .git/config?
[remote "origin"]
url = ssh://user@server/.../repo.git
I have only passing familiarity with mSysGit, but I don't think it installs an ssh client. Without the ssh client, git cannot connect to the server. (This functionality isn't baked into git as per the Unix philosophy.) As for the git protocol, unless the server has that enabled, it won't work. Since it seems you have the server setup for ssh access, I doubt you'll get anywhere with the git protocol.
Anyway, I know my SSH login works
because I tested it through puTTY.
Have you confirmed that you can SSH to the server from your msysgit client?
i.e. what happens when you ssh user@callisto.com from the msysgit command line?
For further details about setting up your git server, you may want to review Pro Git: Chapter 4 "Git on the Server".
And why doesn't a pull using the
git:// protocol work, since that only
uses read-only access?
For the git protocol to work, you must setup the git daemon on your server as described in Chapter 4.9 of Pro Git.
You may also want to take a look at this answer to a related SO question. It has a more detailed checklist of things to consider.
