I've set up gitolite on a remote machine and configured it from my local. I didn't want to have my activity shown as "admin" and created the user and key "noah". After creating a repo for "noah", I was denied access. I believe because I was still "admin".

So I have two accounts on one machine. How do I switch?

Thanks

UPDATE:

Here is my local ~/.ssh/config/:

#noah account
Host git-noah
    HostName remote
    User git
    IdentityFile ~/.ssh/noah

command on local: git clone git-noah@remote-ip:reponame

authorized_keys on remote: command="/usr/share/gitolite/gl-auth-command noah",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ...

If it matters, I'm on a Mac. I've also done ssh-add -K ~/.ssh/noah

UPDATE 2:

Here is auth.log:

server sshd[2834]: Invalid user git-noah from localip
server sshd[2834]: input_userauth_request: invalid user git-noah [preauth]

Here's the local permissions:

drwx------+  13 noah    442 19 Apr 14:47 .ssh

Remote permissions:

-rwx------ 1 git 1067 Apr 19 14:57 authorized_keys
drw------- 2 git  4096 Apr 19 14:57 .ssh
Noah
  • Then you need to debug the ssh part, not the gitolite part: http://stackoverflow.com/a/23054951/6309 and http://stackoverflow.com/a/7443893/6309 – VonC Apr 19 '14 at 22:15
  • I just realized the issue! (or one of the issues at least) You are using git-noah@remote-ip:reponame. That is wrong. You must use `git-noah:reponame` as I mentioned in my answer. Note the ':'. That will take care of the `Invalid user git-noah` error message. – VonC Apr 20 '14 at 07:41
  • @VonC That gets rid of that error but password still prompted. – Noah Apr 20 '14 at 07:46

1 Answer

If you are using those two accounts with different ssh keys (as described in "How do programs like gitolite work?"), the way you switch is by using an ssh url which instructs ssh to look for noah's key (instead of admin's key).

For that, you need an ssh config file (in your HOME/.ssh/config), as I detailed in "How to use specified key when working with github via portablegit?":

#admin account
Host gitolite-admin
    HostName yourGitoliteServer
    User git
    IdentityFile ~/.ssh/id_rsa_admin

#noah account
Host gitolite-noah
    HostName yourGitoliteServer
    User git
    IdentityFile ~/.ssh/id_rsa_noah

To clone your repo made for noah, you would use a url which references the right entry in the ssh config file.

git clone gitolite-noah:yourRepo.git

By using that url, you are setting a remote named origin: you can see it with git remote -v.

That means any command using that remote name (like git pull origin or git push origin) will use that ssh url, which explicitly refers to a specific private ssh key, which in turn identifies you to Gitolite as noah.


The most effective way to debug ssh is by checking how the sshd listens to the query on the server.

Since it is a debian (as per our discussion):

  • /usr/sbin/sshd -d -D -p 222 on the server,
  • ssh -p 222 -Tv git-noah on the client

(note the trick of using a dedicated port, that way, no need to stop the actual sshd: it is a one-time session on a special port for debug purpose only)

We quickly saw a

Could not open authorized keys '/home/git/.ssh/authorized_keys': Permission denied

Which is consistent with:

root@server:/# ls -lato ~git/
drw------- 2 git 4096 Apr 19 14:57 .ssh

A chmod 700 ~git/.ssh fixed the situation.

Community
VonC
  • What about commands like push and commit? Do I have to specify user and repo each time? Is there a way to pick a default? – Noah Apr 19 '14 at 19:37
  • @Noah See my edited answer: the url is enough to identify you to Gitolite. – VonC Apr 19 '14 at 19:40
  • I'm doing `git clone git-noah@remotip:repo`. It asks for a password. Server auth.log says `sshd[3283]: input_userauth_request: invalid user git-noah [preauth]`. – Noah Apr 19 '14 at 21:35
  • @Noah you have to make sure that you have added a public key in the gitolite-admin/keys folder named `noah.pub`. The name of the key will be the name of the user for gitolite. And your ssh config file must reference the private key corresponding to that public key you registered. Go ahead on the gitolite server, and check the content of ~git/.ssh/authorized_keys: you should see the noah public key in there. – VonC Apr 19 '14 at 21:40
  • @Noah that looks good. What do you mean by "I realized I was not doing git add and git commit on the public key."? Because if your remote authorized_keys file does contain your public key, then this should work. You can check it with an `ssh -Tvvv git-noah`. – VonC Apr 19 '14 at 22:10
  • I added the details to the main post for formatting. – Noah Apr 19 '14 at 22:13
  • I had replaced my public key with a new one several times (as well as the private key) but just did `git push` without `git add` or `git commit`, so I guess it didn't work? Doing `ssh -Tvvv git-noah` returns a lot of details. I don't see anything critical but I don't understand it well. – Noah Apr 19 '14 at 22:30
  • @Noah to register your key, you need to add it in `gitolite-admin/keys`, commit and push the `gitolite-admin` repo. I believe you did that already since the `~git/.ssh/authorized_keys` was with the right content. Check your ssh protection (chmod) on your local (Mac) side too. As in http://stackoverflow.com/a/13428529/6309. – VonC Apr 19 '14 at 22:34
  • I've done `chmod 600 ~/.ssh` locally. There's no authorized_keys so I did `chmod 700 to known_hosts` but no joy. – Noah Apr 19 '14 at 22:58
  • @Noah chmod is to be done locally and remotely. But the authorized_keys is only on the remote side (gitolite uses it to authenticate users) – VonC Apr 19 '14 at 22:59
  • I've set permission on both sides but it still asks for the password. What else can I check? – Noah Apr 20 '14 at 00:37
  • @Noah you can copy the output of a `ssh -Tvvv git-noah` for me to have a look. You also can start sshd (the ssh daemon on the server side) in debug mode, to see how it reacts to your ssh query: https://www.itefix.no/i2/content/how-can-i-run-openssh-daemon-debug-mode: again, copy the result for me to have a look. – VonC Apr 20 '14 at 07:37
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/51044/discussion-between-noah-and-vonc) – Noah Apr 20 '14 at 07:46
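
A permission check for the failure diagnosed in the answer above (a `.ssh` directory left at `drw-------`), added here as an example and not part of the original posts. `mode_of` and `check_ssh_perms` are hypothetical helper names, the temporary directory is constructed for the demo, and the group/other-write rule assumes sshd's default StrictModes behaviour.

```shell
#!/bin/sh
# Added example (not from the original posts): check the modes that made
# sshd report "Could not open authorized keys ... Permission denied".

# Octal permission bits of a path: GNU stat first, then BSD/macOS stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_perms DIR (hypothetical helper): 0 if DIR and its
# authorized_keys are usable by the owner and not writable by others.
check_ssh_perms() {
    dir=$1
    rc=0
    dmode=$(mode_of "$dir") || { echo "FAIL: cannot stat $dir"; return 1; }
    # Without the owner x bit (0100) nothing inside the directory can be
    # opened; this is the drw------- case from the answer.
    if [ $(( 0$dmode & 0100 )) -eq 0 ]; then
        echo "FAIL: $dir is $dmode, owner lacks x (fix: chmod 700)"
        return 1
    fi
    # Assumption: sshd runs with its default StrictModes, which rejects
    # group- or world-writable key directories and files.
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir is $dmode, writable by group/other"
        rc=1
    fi
    keys=$dir/authorized_keys
    if [ -e "$keys" ]; then
        kmode=$(mode_of "$keys") || return 1
        if [ $(( 0$kmode & 0400 )) -eq 0 ] || [ $(( 0$kmode & 022 )) -ne 0 ]; then
            echo "FAIL: $keys is $kmode, want owner-readable, not group/other-writable"
            rc=1
        fi
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $dir ($dmode)"; fi
    return "$rc"
}

# Constructed demo: reproduce the server state from the answer, then fix it.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh/authorized_keys"   # -rwx------ as on the page
chmod 600 "$demo/.ssh"                   # drw------- as on the page
check_ssh_perms "$demo/.ssh" || true
chmod 700 "$demo/.ssh"
check_ssh_perms "$demo/.ssh"
rm -rf "$demo"
```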