How does Github, Gitlab, Gitosis, etc.. knows which user is logged in?

Question

I asked myself, how do those git-hosting tools/sites know which user is logged in.

I mean, you login via SSH git@github.com/... and this means you login as user git

and the only information that securely identifies you as your real user is your public key. But how does they figure out your login-public key?

One Way to do so is to look into a logfile shown in this question:

Can I find out which ssh key was used to access an account? https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account

but this means you have to set up the loglevel to VERBOSE, but I have an Gitlab installation and the loglevel is at INFO and no overriding to the sshd_config anywhere..

so in short again: If you login at Github or gitlab via SSH it tells you:

ssh git@github.com PTY allocation request failed on channel 0

Hi USERNAME! You've successfully authenticated, but GitHub does not provide shell access.

Connection to github.com closed.

but how does github knows I am USERNAME when I login as git?

EDIT:

I know there is a mapping between my key and my account, but gitolite (or (for example ) the gitolite-shell must somehow know my public key, how is this key delivered to toe gitolite shell?

It somehow has to find out the ssh-public-key that is used in this session, this is the key to my question, how does it knows which ssh-key is used to login

Answer 1

Regarding gitolite (which replaces the outdated gitosis), it knows who you are because you registered your id along with your public ssh ket in the gitolite server ~git/.ssh/authorized_keys file.

See "How do programs like gitolite work?".

That file contains lines like:

command="[path]/gitolite-shell sitaram",[more options] ssh-rsa AAAAB3Nt...

Which means an ssh session will call gitolite-shell with a parameter representing your id.

This has nothing to do with the config user.name you are using for your commits.
It has everything to do with the authentication mechanism (https or ssh) you are using, which is then passed along an authorization layer like gitolite.

GitHub has its own authorization layer (different from gitolite), but the idea is the same (the login is associated to the ssh public key).

Answer 2

it knows because of your SSH key, but in commits USERNAME is taken for your local git config. So all commits from one key will be assigned to your account, but the name appeard in commits can be anything.

your key is added on github server to git user .ssh then on push hook it checks key to real github user

Answer 3

ok, I figured It out with the help of your posts:

The gitolite-shell ( and probably a similar way in gitlab) knows which user I am because of the SSH Force Commands

So you can define a command that is executed after login depending your public key

exactly what VonC said but not pointed out clear enough for me :D

command="[path]/gitolite-shell sitaram",[more options] ssh-rsa AAAAB3Nt..

this line means, call the gitolite-shell with the parameter sitaram IF a user logs in with a specific SSH-Key ssh-rsa AAAAB3Nt..

and I looked in the authorized_keys in my gitlab installation, and voila: command="/home/git/gitlab-shell/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3Nz...