3

I have Debian, Fisheye and Git on my server. My git repos are managed by Fisheye. There is no authentication at the Fisheye part. All authentication procedures are managed by git.

I would like to use SSH authentication, so that I do not need to provide username and password as I push my changes to the server. I know how to create an rsa key, but where do I copy my public key at the server?

Jordan Dea-Mattson
  • 5,791
  • 5
  • 38
  • 53
Ivan Zamylin
  • 1,708
  • 2
  • 19
  • 35

2 Answers2

6

The key part of the article "Git on the Server - Setting Up the Server" is:

you need to add some developer SSH public keys to the ~/.ssh/authorized_keys file for that user.
Let’s assume you’ve received a few keys by e-mail and saved them to temporary files. Again, the public keys look something like this:

$ cat /tmp/id_rsa.john.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4L
ojG6rs6hPB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4k
Yjh6541NYsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9Ez
Sdfd8AcCIicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myiv
O7TCUSBdLQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPq
dAv8JggJICUvax2T9va5 gsg-keypair

(Note: make sure the key is displayed on one single line)

You just append them to your authorized_keys file:

$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys

If you don't have an authorized_keys file on your server, create it, but make sure to protect it correctly.

server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub

See "Creating SSH keys for Gerrit and Hudson" for a concrete example.

  • Make sure git is in the PATH used by your ssh daemon.
  • Make sure all parent directories of your ~/.ssh are not writable for the group (chmod 755 only).
Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Be aware that this gives you a complete shell/interactive session. Consider using dedicated „git keys“ combined with„forced commands“ to restrict this key to „git only“. *Especially* do this if multiple users use the same „git account“. See e.g. here for an example: https://superuser.com/questions/299927/can-you-specify-git-shell-in-ssh-authorized-keys-to-restrict-access-to-only-git?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa – Jens Mar 30 '18 at 09:56
  • 1
    @Jens I agree. That ("ssh forced command") is what I have been using for years with gitolite, that I presented at the time (more than 5 years ago) in https://stackoverflow.com/a/13320256/6309. – VonC Mar 30 '18 at 11:29
1

You need to paste your public key inside ~/.ssh/authorized_keys. Create the file if it doesn't exist.

Ronan Boiteau
  • 9,608
  • 6
  • 34
  • 56
ErJab
  • 6,056
  • 10
  • 42
  • 54