2

I have my own private linux server. I am using it to host all my company git repositories. I am reading the .git directories using python. I also have a database that contain some information like the users who are allowed to login to the system.

The problem now, I have a linux user called git. the user has all the repositories, and when I try to connect from an outside machine I have to upload the SSH keys to the server before pulling and pushing.

What I am trying to do now.. Is to create an authentication layer like github. Where the users can clone or push to private repositories by entering the username and password for the system. Since the username and the password are in the database I need a python script OR any other script that will fetch the username and password.

The question now, when a user tries to do this.. git push origin master for the first time. and there were no SSH key. I need something to say Please enter your username and password if the user is authenticated using the data in my database AND have access to this repository then I want him/her to be able to push the repo or clone it.

Please don't mention ready software to host git repositories. This is not an option for me.

Othman
  • 2,942
  • 3
  • 22
  • 31

1 Answers1

2

Since you have ssh access, you can add an authorization layer like gitolite which will allow you to:

That way, no need for a user database, and you can manage your entire user base and access rules from the gitolite-admin repo, a special administrative repo which will be interpreted on the server side by gitolite.

See more at "How do programs like gitolite work?".

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • First, Thank you. BUT Github, Heroku and many other platforms that allows users to push/pull from their server are not relying on SSH keys. If you have a private repo on github you will be able to clone it using only your username and password in Github which already stored in their database. And that's really my problem. I do have users in my PostgreSQL database, and I need to give them access to use the server as a Git Server. It's kind like having a script before you access the .git repo, which will go to the database or a file to check for permissions. What do you suggest? – Othman Jun 28 '14 at 06:25
  • @Othman I still suggest gitolite, but with an Apache front-end. http://stackoverflow.com/a/21303301/6309. Except instead of Apache authenticating against LDAP, it can authenticate against PostgreSQL (http://www.graphica.com.au/postgres-and-apache.html or http://www.giuseppetanzilli.it/mod_auth_pgsql2/) – VonC Jun 28 '14 at 06:32
  • So I have use apache to authenticate the users from my database(OK). AND if someone wants to use a SSH key I will need to modify the `gitolite-admin` repo and that key to the file. Will apache ignore the authentication if the user has an SSH key, since it's silly to ask for a username and password even I have a SSH key in the server? If yes Thank you. – Othman Jun 28 '14 at 06:42
  • @Othman no, Apache will continue authenticate as usual: if a user uses an ssh url, Apache wouldn't be contacted at all. Https url and ssh url each will contact their own listener. – VonC Jun 28 '14 at 06:46
  • :( So again how I can do something like github .. when you upload your ssh key to them they no longer ask you for username and password even if you use HTTP to push/pull? That's really disappoint me. – Othman Jun 28 '14 at 06:51
  • No, ssh and http are two different protocols. If you push to github with https, it *will* ask you for a password (your GitHub account password), and it won't have anything to do with ssh. For https, you can cache your http password though: http://stackoverflow.com/a/18607931/6309 – VonC Jun 28 '14 at 06:53