Multiple gitolite users on one machine

Posted 2020-03-31 02:16

I've set up gitolite on a remote machine and configured it from my local. I didn't want to have my activity shown as "admin" and created the user and key "noah". After creating a repo for "noah", I was denied access. I believe because I was still "admin".

So I have two accounts on one machine. How do I switch?

Thanks

UPDATE:

Here is my local ~/.ssh/config/:

#noah account
    Host git-noah
    HostName remote
    User git
    IdentityFile ~/.ssh/noah

command on local: git clone git-noah@remote-ip:reponame

authorized_keys on remote: command="/usr/share/gitolite/gl-auth-command noah",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ...

If it matters, I'm on a Mac. I've also done ssh-add -K ~/.ssh/noah

UPDATE 2:

Here is auth.log:

server sshd[2834]: Invalid user git-noah from localip
server sshd[2834]: input_userauth_request: invalid user git-noah [preauth]

Here's the local permissions:

drwx------+  13 noah    442 19 Apr 14:47 .ssh

Remote permissions:

-rwx------ 1 git 1067 Apr 19 14:57 authorized_keys
drw------- 2 git  4096 Apr 19 14:57 .ssh

Tags: git gitolite
1 answer
▲ chillily
#2 · 2020-03-31 02:46

If you are using those two accounts with different ssh keys (as described in "How do programs like gitolite work?"), the way you switch is by using an ssh url which instructs ssh to look for noah's key (instead of admin's key).

For that, you need an ssh config file (in your HOME/.ssh/config), as I detailed in "How to use specified key when working with github via portablegit?":

#admin account
Host gitolite-admin
    HostName yourGitoliteServer
    User git
    IdentityFile ~/.ssh/id_rsa_admin

#noah account
Host gitolite-noah
    HostName yourGitoliteServer
    User git
    IdentityFile ~/.ssh/id_rsa_noah

To clone your repo made for noah, you would use a url which references the right entry in the ssh config file.

git clone gitolite-noah:yourRepo.git

By using that url, you are setting a remote named origin: you can see it with git remote -v.

That means any command using that remote name (like git pull origin or git push origin) will use that ssh url, which explicitly refers to a specific private ssh key, which in turn identifies you to Gitolite as noah.


The most effective way to debug ssh is by checking how the sshd listens to the query on the server.

Since it is a Debian (as per our discussion):

  • /usr/sbin/sshd -d -D -p 222 on the server,
  • ssh -p 222 -Tv git-noah on the client

(note the trick of using a dedicated port, that way, no need to stop the actual sshd: it is a one-time session on a special port for debug purpose only)

We quickly saw a

Could not open authorized keys '/home/git/.ssh/authorized_keys': Permission denied

Which is consistent with:

root@server:/# ls -lato ~git/
drw------- 2 git 4096 Apr 19 14:57 .ssh

A chmod 700 ~git/.ssh fixed the situation.
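
The permission problem found above, turned into a repeatable check (an added example, not part of the original answer): it reads the mode bits of a .ssh directory and its authorized_keys, and reports the drw------- case along with group/world-writable modes that sshd's StrictModes refuses. The function names mode_of and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example: audit the mode bits sshd depends on for public-key logins.
# Modes are read with stat instead of tested with [ -x ], so the result is
# the same when the audit is run as root.

mode_of() {
    # GNU stat (Debian) first, BSD/macOS stat as fallback; prints e.g. 700
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_ssh_dir() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi
    m=$(( 0$(mode_of "$dir") ))          # leading 0 makes it octal
    if [ $(( m & 0100 )) -eq 0 ]; then
        # The case on this page: drw------- (600). Without the owner's
        # search bit, nothing inside the directory can be opened.
        echo "$dir: owner has no search (x) bit; fix with chmod 700"
        return 1
    fi
    if [ $(( m & 0022 )) -ne 0 ]; then
        echo "$dir: group/world writable; StrictModes rejects it"
        problems=$((problems + 1))
    fi
    keys=$dir/authorized_keys
    if [ ! -f "$keys" ]; then
        echo "$keys: missing"
        return 1
    fi
    k=$(( 0$(mode_of "$keys") ))
    if [ $(( k & 0400 )) -eq 0 ]; then
        echo "$keys: owner cannot read it"
        problems=$((problems + 1))
    fi
    if [ $(( k & 0022 )) -ne 0 ]; then
        echo "$keys: group/world writable; StrictModes rejects it"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage: sh audit.sh ~git/.ssh   (exit status 0 means no findings)
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```
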
