6

I've managed to init an empty git repo on my NAS, and I attempted to add a new user by generating a new public key "foo.pub" and copying + pasting it into keydir/ and committing that and pushing it onto the NAS.

First, the files:

Here is my ~/.ssh/config file:

Host root
    HostName iptonas
    User root
    Port 123        

Host foo
    HostName iptonas
    User foo
    Port 123
    identityfile ~/.ssh/foo

Grabbed a copy of gitolite-admin from NAS:

git clone ssh://root/gitolite-admin

I get:

Cloning into 'gitolite-admin'...
remote: Counting objects: 12, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 12 (delta 1), reused 0 (delta 0)
Receiving objects: 100% (12/12), done.
Resolving deltas: 100% (1/1), done.

Here is my gitolite.conf file:

repo gitolite-admin
    RW+     =   git

repo testing
    RW+     =   @all

repo newrepo
    RW+     =   foo
    RW+     =   bar

When I pushed my copy of gitolite-admin using:

git push root:gitolite-admin

I get:

Counting objects: 10, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 1.02 KiB, done.
Total 6 (delta 0), reused 0 (delta 0)
remote: Initialized empty Git repository in /root/repositories/newrepo.git/
To root:gitolite-admin
   897113c..e7e2daf  master -> master

Now, when I try to push to the new repo

When I try to run:

git clone foo:newrepo

I get:

Cloning into 'newrepo'...
foo@iptonas's password: 
fatal: 'newrepo' does not appear to be a git repository
fatal: The remote end hung up unexpectedly

When I try to run:

git clone root:newrepo

I get:

Cloning into 'newrepo'...
FATAL: R any newrepo git DENIED by fallthru
(or you mis-spelled the reponame)
fatal: The remote end hung up unexpectedly

I'm not sure what I'm doing wrong?

I am following these instructions: http://www.nineproductions.com/linux/53-gitolite-hosting.html Under "Adding Repositories and Users"

Jay

1 Answer

12

Those instructions mention cloning with a user which has an id_rsa.pub key used when installing Gitolite.

So, your account must have in its ~/.ssh the id_rsa and id_rsa.pub keys used by gitolite when declaring the 'git' user (which is the only one able to clone gitolite-admin repo).

Now, to add a user, you not only have to declare said user in the gitolite.conf file (which you did), you also have to add his public key to the local gitolite-admin repo 'keys' directory.

  • I ask Steve Franko to generate a new public/private key pair using "ssh-keygen -t dsa"
  • I ask Steve Franko to send me the PUBLIC key he just generated
  • I rename the public key from id_dsa.pub to sfranko.pub
  • I copy the sfranko.pub key into the gitolite-admin/keydir directory

If you do both those operations before pushing back gitolite-admin, then Gitolite will declare that new user, and your git clone foo:newrepo will work.

Note that if you did the Gitolite installation with the git account as I recommended before, you should have in your config file:

Host git
    HostName iptonas
    User git
    Port 123
    Identityfile ~/.ssh/git

And do a git clone git:gitolite-admin.

The only time you should see/use root is at the beginning of the installation on the server side, in order to declare/add the git account.
After that, I really recommend you to not use/see root anywhere in your process.


Actually I did generate two key sets, so my ~/.ssh folder currently has: id_rsa, id_rsa.pub, id_foo, id_foo.pub

Your ~/.ssh folder should contain:

git, git.pub, id_foo, id_foo.pub

Gitolite bases its authorization mechanism on an authentication made after the name of the public key.

Again: on the server side, you must do the gitolite installation as a user like 'git', with as an argument a /tmp/git.pub (not /tmp/id_rsa.pub)


Let's recap because there is much confusion here. Gitolite is based on ssh.
That means you need one account (here 'git') on the server side (which will be your Gitolite server), in which a ~git/.ssh/authorized_keys file will record all the Gitolite admin/users public keys.

On the client side (your user foo), you need to have (at least for your first user) the public and private keys from git, and the ones from foo.

Your ~foo/.ssh/config file will contain:

Host gitadmin
    HostName iptonas
    User git
    Port 123        
    identityfile ~/.ssh/git

Host foo
    HostName iptonas
    User git
    Port 123
    identityfile ~/.ssh/foo

Note that the user for any ssh communication is always git! You always contact the Gitolite server through an ssh address like ssh://git@iptonas:123/arepo.
Except, since you have multiple SSH keys to choose from, you can type instead:

  • git clone gitadmin:gitolite-admin, or
  • git clone foo:newRepo

The first command will allow you to clone the gitolite-admin repo (because you do that using git public and private ssh keys, so you have the rights to do that).
You can use that local clone to put foo.pub in the keys directory, and to declare a newRepo in the config file.
Then you push back that repo (and Gitolite does its magic, creating a new repo, adding the content of foo.pub to ~git/.ssh/authorized_keys for you, with a forced-command script in order to intercept any ssh commands emitted by foo).

(I prefer naming that ssh shortcut 'gitadmin' instead of git, even if the public/private keys are named 'git.xxx', because 'gitadmin' better conveys the intent of the ssh commands you will do with it: you will administer git access rights)

The second command allows you to clone your newRepo and to work on it.

Note that:

  • ssh gitadmin, or
  • ssh foo

will display the gitolite version and the rights associated with the ssh keys used by each of the ssh shortcuts 'gitadmin' and 'foo', as defined in the ~foo/.ssh/config file.

VonC
  • Hi again :) thank you so much for helping me. Actually I did generate two key sets, so my ~/.ssh folder currently has: id_rsa, id_rsa.pub, id_foo, id_foo.pub. In my gitolite-admin/keydir directory I have: git.pub, foo.pub. I have also added the git user to my config file as you suggested. However, when I run "git clone git:gitolite-admin" I get "Cloning into 'gitolite-admin'... git@iptonas's password: Permission denied, please try again." several times until failure. – Jay Jun 01 '12 at 04:26
  • Should I perhaps make keysets for git as well, and also add "identityfile ~/.ssh/git" to config? – Jay Jun 01 '12 at 04:28
  • Ok, so I followed all those instructions, and tried running "git push git:gitolite-admin". I was asked for git's pw, and after typing that in I got: "Could not chdir to home directory /var/services/homes/git: No such file or directory \n fatal: 'gitolite-admin' does not appear to be a git repository \n fatal: The remote end hung up unexpectedly". I'm guessing I have to find some way to edit ~/.profile or something..? How might I get to that file? – Jay Jun 01 '12 at 06:15
  • @Jay > "I was asked for git's pw": you must not be asked for `git`'s password. If the server (`~git/.ssh/authorized_keys`) contains the git public key in a line preceded with a `command=...`, and if the client (from which you are cloning or pushing) contains a `~/.ssh/config` file with the right `Identityfile ~/.ssh/git` directive (i.e. you have both private and public keys for the `git` account, appropriately named '`git`' and '`git.pub`'), you won't be asked for a password. – VonC Jun 01 '12 at 06:40
  • Ok, so I was able to create the git user properly, and was also able to access the NAS using git without any problems. However, I'm trying to mkdir $HOME/bin as in step 6 under "Configure the Git Hosting User's Profile and Home Directory" for my 'foo' user, but am getting this error: "mkdir: can't create directory '/volume1/home/foo/bin': Permission denied". I made the keys and put them in the proper places, and I also fixed the /volume1/home/foo/.profile file to reflect the correct path to foo's home directory. Is there something I missed? – Jay Jun 02 '12 at 02:53
  • @Jay this step should be done for the git account, not for foo account. You need a ~git/bin directory. – VonC Jun 02 '12 at 03:16
  • Actually, I was able to do all that for the user "git" fine. But I'm trying to 1) set up the user "foo" on my computer (as the user I want on my computer is not "root" nor "git" but "foo"), and 2) to set up a new repo "newrepo". I added the foo.pub to gitolite-admin/keydir, and edited gitolite-admin/gitolite.conf so there is "repo newrepo" with "RW+ = foo". Then I ssh as root, type "su - foo", "vi .profile" and add in those lines in step 4 of "Configure the Git Hosting User’s Profile and Home Directory", "source .profile", – Jay Jun 02 '12 at 06:38
  • and get a "Permission denied" error when trying to type "mkdir $HOME/bin". Should I not be following the "Configure the Git Hosting User’s Profile and Home Directory" steps for my new "foo" user? – Jay Jun 02 '12 at 06:38
  • The user "git" was added to gitolite.conf, and assigned under the repo "newrepo" as per the instructions for gitolite. – Jay Jun 02 '12 at 06:43
  • Also, even though I was able to set up the user "git" and was able to use "git" to clone and push the repo "gitolite-admin", I was not able to clone from/push to my new repo "newrepo". I type "git clone git:newrepo" and get "Cloning into 'newrepo'... FATAL: R any newrepo git DENIED by fallthru (or you mis-spelled the reponame) fatal: The remote end hung up unexpectedly". I type "git push --all git:newrepo" and I get "FATAL: W any newrepo git DENIED by fallthru (or you mis-spelled the reponame) fatal: The remote end hung up unexpectedly". – Jay Jun 02 '12 at 07:24
  • I also tried "git clone foo:newrepo" and am still getting "Cloning into 'newrepo'... fatal: 'newrepo' does not appear to be a git repository fatal: The remote end hung up unexpectedly". Is there a way for me to check what repos actually exist in the NAS? – Jay Jun 02 '12 at 07:26
  • More notes... I was also able to do "git clone git:testing" and get a copy of the premade repo "testing". I was *not* able to do "git clone foo:testing" however - I get the error "Cloning into 'testing'... fatal: 'testing' does not appear to be a git repository fatal: The remote end hung up unexpectedly". – Jay Jun 02 '12 at 07:29
  • @Jay The git ssh account is only for cloning /pushing the gitolite-admin repo. Your newrepo will be cloned by your foo account, since you have created the necessary ssh keys, and put foo.pub in the gitolite admin repo. – VonC Jun 02 '12 at 08:04
  • 1
    @Jay: "Should I not be following the "Configure the Git Hosting User’s Profile and Home Directory" steps for my new "foo" user?" **no you should not**: this section is purely for configuring the git account on the server which will be used for all ssh communications. I will edit my answer for more. – VonC Jun 02 '12 at 12:30
  • I followed all the instructions so far, and while I am able to clone/push using the user gitadmin (formerly 'git'), I am still unable to clone/push using the user I added 'foo'. There is foo.pub in keydir/, and they are added as a user under the 'testing' repo in gitolite.conf. However, when I try to do "git clone foo:testing" I am still getting a request for foo's pw, and then this line: "Could not chdir to home directory /var/services/homes/foo: No such file or directory fatal: 'testing' does not appear to be a git repository fatal: The remote end hung up unexpectedly". – Jay Jun 03 '12 at 22:25
  • I'm trying to set the home directory for both 'gitadmin' AND 'foo' (since they're on the same computer) to be in /volume1/git. I've already updated this in su - gitadmin > vi .profile, su - foo > vi .profile, and root > vi /etc/passwd. I'm not sure why it's still using the default "/var/services/homes/foo" directory? – Jay Jun 03 '12 at 22:27
  • @Jay: Does your `~foo/.ssh` contain the public/private ssh keys `foo.pub`, `foo`, `git.pub` and `git`? And a `config` file with the content mentioned in my answer? That config file should reference user '`git`' always. On the server side (where ssh operations are done), only `/var/services/homes/git` exists. Does your `gitolite-admin/keys` directory (within the local clone of `gitolite-admin`) contain `git.pub` and `foo.pub`? Can you edit your question with the content of `gitolite-admin/conf/gitolite.conf` file? – VonC Jun 04 '12 at 04:15
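
An added example, not part of the original thread and not Gitolite's own code: a simplified Python model of the point made in the answer, that access is decided by the name of the key used (the keydir/NAME.pub file), not by the ssh account. It handles only plain `repo` / `PERM = users` lines and `@all` (no groups, refexes or deny rules); the function names are hypothetical, and the sample input is constructed from the question's gitolite.conf and the keydir listing given in the comments.

```python
# Constructed sample: the question's gitolite.conf and the keydir/ contents
# reported in the comments (git.pub, foo.pub).
SAMPLE_CONF = """\
repo gitolite-admin
    RW+     =   git

repo testing
    RW+     =   @all

repo newrepo
    RW+     =   foo
    RW+     =   bar
"""
SAMPLE_KEYDIR = ["git.pub", "foo.pub"]


def parse_conf(text):
    """Return {repo: [(perm, [users])]} for plain 'repo' / 'PERM = users' lines."""
    rules, repos = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith("repo "):
            repos = line.split()[1:]
            for r in repos:
                rules.setdefault(r, [])
        elif "=" in line:
            perm, users = (s.strip() for s in line.split("=", 1))
            for r in repos:
                rules[r].append((perm, users.split()))
    return rules


def check(rules, user, repo, want):
    """want is 'R' or 'W'. A rule that names the user (or @all) and includes
    the wanted permission grants access; if none does, the request falls through."""
    for perm, users in rules.get(repo, []):
        if (user in users or "@all" in users) and want in perm:
            return "allowed"
    return "DENIED by fallthru"


def users_without_key(rules, keydir):
    """Users named in the conf that have no keydir/<name>.pub file."""
    have = {k[:-4] for k in keydir if k.endswith(".pub")}
    named = {u for rl in rules.values() for _, us in rl for u in us}
    return sorted(u for u in named if not u.startswith("@") and u not in have)
```

With the sample input, a request made with the `git` key for `newrepo` falls through, matching the "R any newrepo git DENIED by fallthru" message in the question, while the `foo` key is allowed; `bar` is reported as named in the conf without a key in keydir.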