35

I've recently setup an inhouse git repository server and have it up and running with gitosis installed as the management tool. Read only access is available via the git:// protocol and write access is available via gitosis using ssh public keys.

I have a developer that has been granted access to his projects with a public key that was generated on his desktop workstation.

He is now wanting to access that repository from his laptop using the same ssh key pair. He's copied has .ssh folder in it's entirety to his laptop and has tried to clone from the repository without success.

Is this a valid thing to try?

Does a ssh key pair need to be generated per machine? This seems weird as it would effectively require a per machine username to be added to the gitosis configuration.

Any help would be appreciated.

Lou
  • 1,483
  • 1
  • 17
  • 24
  • 1
    We've proved that the copying of the ssh keys to other machines does work as suggested. We now think this may be more of a network/vpn issue. Thanks for the answers. – Lou Jul 22 '09 at 04:24
  • Is the developer's username the same on both client machines? – Nate Jul 22 '09 at 02:09
  • No they aren't but I don't think that matters in this case. The git clone command being used specifies git@ in the command line. So access is via the generic git user at the repository end. – Lou Jul 22 '09 at 04:09
  • 1
    As an aside, a private key is basically a glorified password. It doesn't matter which machine the password comes from. – Yawar May 14 '14 at 22:37

3 Answers3

36

Yes I think you can.

I have something similar. Two machines, one Intel (desktop) the other one Sparc. I can log into both machines and access the same CVS server (another machine) using SSH access with the same key pair which was generated on the Intel machine.

Make sure when you copy across your private key that you set both the permissions of the .ssh directory correctly (0700) and your home directory cannot be group or world writable. The id_rsa should only have user read access (0400)

hookenz
  • 36,432
  • 45
  • 177
  • 286
  • 2
    Also, in my noobish experience: I had to copy the public key plus ' ' a single space plus my username/email to the id_rsa.pub file on the other machine. Note: I also ran ssh-keygen first in the .ssh dir on Snow Leopard Mac OS 10.6.4. example: [..some cryptography stuff...]== [youremail@email.com] *brackets above mean **replace text inside them** – mkelley33 Jun 30 '10 at 02:36
  • Interesting, I never had to modify the id_rsa.pub. It must be an OSX anomaly. – hookenz Jan 28 '16 at 03:59
18

Yes, that's perfectly legitimate. ssh keys don't care where they were generated, and it's fine to have them on multiple machines at once.

Try giving the ssh client the "-v" or "-vv" option (for verbose output) and check the server's ssh log to debug the problem.

nobody
  • 19,814
  • 17
  • 56
  • 77
2

SSH key pair's are machine independent, which means you can create a SSH key pair on one machine and can deploy the same SSH key pair on multiple machines. It is valid thing to do, thats how you must do it.

Moreover Git uses SSH for transport, so you can clone/download the Git on both the machines having the same SSH key pair.