Adding Users to our Secure Gitosis setup
Now that we’ve got our gitosis-based git server set up (see Previous Installment), it’s time to add users and repositories.
First, users.
Here’s what you’ve got to do:
Generate a public key
Here’s what to tell your users to have them generate a public key that you can use to give them access to your repositories.
Go to a terminal.
Unless you’ve changed something, you’ll be at your home directory. Just in case you’re not for some reason, type:
# cd
That should bring you to your home directory. Now, create a key with:
# ssh-keygen -t rsa
The key pair will be generated in the hidden ~/.ssh subdirectory as ~/.ssh/id_rsa (the private key, which stays on the user’s machine) and ~/.ssh/id_rsa.pub (the public key).
Have the user send you id_rsa.pub by whatever means.
Add their public key to the gitosis-admin/keydir
Copy the “id_rsa.pub” that the user sent you to the “keydir” subdirectory of your “gitosis-admin” checkout, renaming it on the way to the username that appears as the last field of the id_rsa.pub key line, with “.pub” appended.
There might be a way of renaming this so that you can use a shorter name than blah.machinename.local but I haven’t had time with a user to figure this out. Let me know in the comments if you know how to do this.
Jeff sent me his id_rsa.pub, his local user name was jeff.JeffsHappyMachine.local, so I copied his id_rsa.pub to the gitosis-admin/keydir as jeff.JeffsHappyMachine.local.pub
# cp ~/id_rsa.pub ~/gitosis-admin/keydir/jeff.JeffsHappyMachine.local.pub
Now I have jeff.JeffsHappyMachine.local as an available user. As I said, there must be a way to shorten this all up but I haven’t had time to explore this further.
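To get this all up to the server, first add the new key file and commit, from inside your gitosis-admin checkout (git commit -a on its own only picks up changes to files git already tracks, so a newly copied key would be left out):
# git add keydir/jeff.JeffsHappyMachine.local.pub
# git commit -a -m "Added jeff's key to keydir"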
Then push to the shared server with a simple:
# git push
Repeat as necessary with any other users. Obviously you don’t have to commit between each user.
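A check worth running on each id_rsa.pub you receive, before the cp into keydir above. This is an added example, not part of the original post or of gitosis; the helper names vet_pubkey and show_fingerprint and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post or gitosis): vet a key file a user sent
# before copying it into gitosis-admin/keydir. Helper names are hypothetical.

vet_pubkey() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }

    # Users must send id_rsa.pub, never id_rsa; private keys carry a PEM header.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "$f is a private key: discard it and have the user make a new pair" >&2
        return 2
    fi

    # Exactly one non-blank line, so one keydir file means one key.
    n=$(grep -c '[^[:space:]]' "$f" || true)
    [ "$n" -eq 1 ] || { echo "$f: expected 1 key line, found $n" >&2; return 3; }

    # Field 1 must be a key type (rejects a leading command=/from= option),
    # field 2 must look like base64.
    ktype=$(grep '[^[:space:]]' "$f" | awk '{print $1}')
    blob=$(grep '[^[:space:]]' "$f" | awk '{print $2}')
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "$f: first field '$ktype' is not a key type" >&2; return 4 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$f: key data is not base64" >&2; return 5 ;;
    esac
    return 0
}

# Fingerprint to read back to the user over another channel before committing.
show_fingerprint() {
    ssh-keygen -l -f "$1"
}

# Constructed sample: an all-zero ed25519 key body, not a real user's key.
sample=$(mktemp)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA jeff.JeffsHappyMachine.local' > "$sample"
vet_pubkey "$sample" && echo "ok: copy to keydir/jeff.JeffsHappyMachine.local.pub"
rm -f "$sample"
```

If vet_pubkey returns 0, run show_fingerprint on the file and have the user confirm the value against `ssh-keygen -l -f ~/.ssh/id_rsa.pub` on their own machine.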
Next, onto creating projects and allowing users to access them.
Steve,
Does using ssh keys for authentication result in having to enter your passphrase each time a user attempts to push something to the git server? I am prompted for this each time I update/commit and then push the gitosis.config file as well as when attempting to clone the repo as a newly added user.
Thanks,
Jay
Depends on whether your ssh key has a passphrase. Each transaction (i.e. connection via ssh) is going to prompt you if it does.
Your SSH agent locally is what requires your password. Once you authenticate it, _it_ then operates on your behalf with remote endpoints.