I have been using a git+gitolite+redmine installation for a long time with no problems. The server is running on Ubuntu while I'm developing on Windows, and pushing data to the server using an RSA key to log in with.

The only small problem I had was that the redmine repository browser gave me a 404 error. So today I decided to solve that, with 'chmod 777' on my git user home. That worked, but...

Now I cannot push to my server from my Windows computer (nor pull).

I have changed the access rights on the .ssh directory back to '600'. What else am I missing?

nikolaj
  • Please send exact message you are getting from git. Can you ssh to the server - `ssh user@your_server_addr` ? From windows you can use putty to ssh. – Michal Mar 01 '13 at 12:18
  • Did you only change the `.ssh` directory or the key files within it too? – Jonathan Wakely Mar 01 '13 at 12:19
  • I'm not really getting any error message from git, I'm simply just prompted for a password. It ought to (at least it has till now) just use the RSA key to log in. I have not set a password on the RSA key. – nikolaj Mar 01 '13 at 13:40
  • In /var/log/auth.log I have the following entry: `Authentication refused: bad ownership or modes for directory /var/gitolite` – nikolaj Mar 01 '13 at 13:46

1 Answer

You need, for ssh to work, to make sure no directory is writable for 'group' or 'world' for .ssh and any parent directory.

.ssh itself should be in 700, and authorized_keys in 600: see "Git SSH authentication".

777 on homedir will break ssh immediately, as the ssh daemon will refuse to access ~/.ssh/authorized_keys since part of the path (here the homedir) could be altered by group or others.

VonC
  • I already have 700 on the .ssh directory and 600 on all the files (id_rsa.pub and authorized_keys) in the directory. – nikolaj Mar 01 '13 at 13:42
  • @user1407209 I am referring to the *parent* directories of `.ssh`, i.e. `/home/yourUser` (and `/home` itself actually): none of the *parent* directories can be *writable* for 'group' or 'world'. – VonC Mar 01 '13 at 13:45
  • Ahh, sorry my mistake. Anyway, the home directory (/var/gitolite) is `755`. Shouldn't that be ok? I have just tried with `644`. Gives me same result. – nikolaj Mar 01 '13 at 14:02
  • Ok, you got me a bit further. Now at least it seems that ssh accepts the key. Now I get the error `open log failed: Permission denied`. – nikolaj Mar 01 '13 at 14:27
  • @user1407209 As I mentioned at the end of http://stackoverflow.com/questions/13425811/git-ssh-authentication/13428529#13428529, `755` is fine (again check *all* parent directories, from `/` all the way to the homedir) – VonC Mar 01 '13 at 15:10
  • @user1407209 looking at https://github.com/sitaramc/gitolite/blob/master/src/lib/Gitolite/Common.pm#L265-L283, check if you have an environment variable `GL_LOGFILE` or `GL_LOG` (are you using gitolite V2 or v3?), or define it in the `.gitolite.rc` file (https://github.com/sitaramc/gitolite/blob/master/src/lib/Gitolite/Rc.pm#L94-L103) – VonC Mar 01 '13 at 15:46
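
The permission rule from the answer, as an added example that is not part of the original thread: a small auditor modelled on the ownership and mode check sshd applies when `StrictModes` is on, walking from `authorized_keys` up to the home directory. The function name and the temporary tree (a stand-in for `/var/gitolite`) are constructed for illustration.

```python
import os
import stat
import tempfile


def strictmodes_findings(home, key_file, uid):
    """Walk from key_file up to home; report every path component that is
    group/world writable or owned by someone other than uid or root."""
    findings = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:  # group-write or other-write bit set
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "mode %04o is group/world writable" % mode))
        # Stop once the home directory (or the filesystem root) was checked.
        if path == home or path == os.path.dirname(path):
            break
        path = os.path.dirname(path)
    return findings


def demo():
    """Reproduce the state from the question on a constructed temp tree."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "gitolite")  # constructed stand-in for the git user's home
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir)
    open(keys, "w").close()
    os.chmod(ssh_dir, 0o700)
    os.chmod(keys, 0o600)
    os.chmod(home, 0o777)  # the change made in the question
    broken = strictmodes_findings(home, keys, os.getuid())
    os.chmod(home, 0o755)  # the mode the answer says is fine
    fixed = strictmodes_findings(home, keys, os.getuid())
    return broken, fixed


if __name__ == "__main__":
    broken, fixed = demo()
    for path, problem in broken:
        print("REFUSED:", path, "-", problem)
    print("after chmod 755:", fixed or "no findings")
```

On a real server, call `strictmodes_findings` with the git user's home, its `authorized_keys` path and its uid; any finding corresponds to the `bad ownership or modes` refusal logged in `auth.log`.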