1

My setup is Ubuntu - gitolite - msysgit. After following this tutorial:

https://sites.google.com/site/senawario/home/gitolite-tutorial

Everything works fine.

So I modified, committed and pushed the config file:

repo    gitolite-admin
        RW+     =   id_rsa

repo    testing
        RW+     =   @all

repo    project-euler
        RW+     =   tester

Everything got updated etc.

I would now like to test this with the "tester" user but I can't. Shouldn't git clone tester@myServer:project-euler work?

If I try the above I get :

$ git clone tester@192.168.1.3:project-euler
Cloning into project-euler...
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

I tried this from the same machine I used to admin the git.

If I try to use this :

git git@192.168.1.3:project-euler

I get : R access for project-euler DENIED to id_rsa

Which is normal I think since the git user doesn't have access.

Any ideas?

After following @VonC's links I created the config file as mentioned. I still have the same problem, so I ran ssh -v with the user in trouble. The output is:

OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /c/Users/Stefanos/.ssh/config
debug1: Applying options for 192.168.1.3
debug1: Connecting to 192.168.1.3 [192.168.1.3] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Stefanos/.ssh/tester type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.1.3' is known and matches the RSA host key.
debug1: Found key in /c/Users/Stefanos/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/Stefanos/.ssh/tester
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

UPDATE

I managed to clone the repo by using git clone git@server:repo - not tester@server:repo.

Also, if I have the config file I can't log in as admin. It logs in only as tester. Probably there should be a way to configure this. Thanks for all your help.

FailedDev
  • Did you copy the public key of *tester*? – Simon Aug 11 '11 at 03:55
  • I copied the key into the /keydir directory and then pushed the changes with my git account. Everything worked. I double-checked that by deleting the repository and cloning it again and then checking if the new key was there (it was). – FailedDev Aug 11 '11 at 06:58

2 Answers

1

The first thing to do is to check if the public key of that new user has been published to the gitolite server.

  • Check the content of ~git/.ssh/authorized_keys, and look for a line with tester in it.
  • Check the content of the gitolite-admin repo/keydir, and look for a 'tester.pub' file, with the public key in it (don't forget those public keys are named after the user: tester.pub here).
  • Check that tester does have in his/her .ssh its id_rsa and id_rsa.pub.
VonC
  • Thanks for the reply! I have indeed checked ~git/.ssh/authorized_keys and the key was there, along, of course, with the git syntax "command etc", but the key was there, like the admin key was. Also tester.pub was there too in the /keydir on the server. For the third part, do I need to create another account on my machine (Win7) and then put in C:/Users/tester/.ssh/the private key? – FailedDev Aug 11 '11 at 06:53
  • @FailedDev: the key was here, but can you copy that line? Just to check it was there with the right name. – VonC Aug 11 '11 at 07:04
  • @FailedDev: you don't need to create any new account, you only need to select the right public/private keys when making your ssh requests. See config file like in http://stackoverflow.com/questions/5357232/nbgit-to-remote-host-with-ssh/5357423#5357423 or http://stackoverflow.com/questions/922210/unable-to-git-push-master-to-github/922461#922461 – VonC Aug 11 '11 at 07:06
  • Sorry I can't copy the line right now, I am at work and everything is blocked. :) I will post when I have something new. Thanks for the help! – FailedDev Aug 11 '11 at 07:25
  • The line is : command="/home/git/bin/gl-auth-command tester",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAurnxITUtCLDD/vY00uyB/MuczchAJnXOSH2vMyGyeN8Sgy0hCjWkCGhIr3GvyqMDEyhAGL59/Pkod0ENDPpMKz2Q5UzVVJdmFCzzCpoqbulik9SIaiBAbfS/zOB/e+YdfjoxDLSLd1SuebhOzwpmSec/mlorGAVkcrr8nvFoW6pmKQcf8RIxkwc/poBw8CPmW3BSYY7i4Cs9ahw/yxUEgGDUyEAEN3moupsbezCb7a+JtAi2cRkm7VH8iliOb2nC8v/42SjUYNQm4Q4cBSAm/hh9TfSCNHuE7rXde+wG6jkPrZSl1eXnwxoScSwu04bF9sCqmkBkF723kMDu6NN58Q== tester@192.168.1.3 So I think that the key is correct. Git user has the same format. – FailedDev Aug 11 '11 at 16:17
  • First, try plain ssh to check that it works. If it does not, check /etc/ssh/sshd_config and make sure that the ssh daemon allows your user to log in: AllowUsers tester – scalopus Aug 11 '11 at 17:25
0

You're confusing gitolite users with Linux users. They share some characteristics but differ in others. You always use the user named "git" in the git URL when connecting to gitolite. Regardless of that, whatever user you're trying to connect from must have a keypair (~/.ssh/id_rsa[.pub]). So let's say you're "bob". Your public key is at /home/bob/.ssh/id_rsa.pub. That public key has to be added to the gitolite configuration. Let's say you name it "foo.pub" when you add it. Now "foo" is a valid gitolite user that you can refer to in the config. Just remember that there's no connection, implicit or explicit, between your local user (bob), the user used to connect to gitolite (git), and the gitolite user (foo). The only connection is the public key, which identifies "bob" on your local machine as "foo" to gitolite.

Ryan Stewart
  • So I guess that whatever is in the config file, defines the current user which means that there can be only one user per machine at any given point in time. Which is fine I guess :) – FailedDev Aug 11 '11 at 17:24
  • @Failed: No, actually with gitolite you can name your pubkey files like "foo@laptop.pub", "foo@desktop.pub", or "foo@somewhereelse.pub" in order to give a single user multiple keys. The name in "@.pub" isn't really important. It's just for informational purposes for the gitolite admins. – Ryan Stewart Aug 11 '11 at 18:16
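
Added example, not part of the original thread and not gitolite's own code: a small Python model of the three outcomes seen on this page, showing that the SSH login is always `git` and that the offered key alone selects the gitolite user through the `command=` option in `authorized_keys`. The key blobs are constructed placeholders, the function names are hypothetical, and it assumes gitolite's keys exist only under the `git` account.

```python
import re

# Constructed sample data: the key blobs are placeholders, not real keys.
AUTHORIZED_KEYS = """\
command="/home/git/bin/gl-auth-command id_rsa",no-port-forwarding,no-pty ssh-rsa AAAA-PLACEHOLDER-ADMIN admin@pc
command="/home/git/bin/gl-auth-command tester",no-port-forwarding,no-pty ssh-rsa AAAA-PLACEHOLDER-TESTER tester@192.168.1.3
"""

# Access rules taken from the gitolite.conf in the question (all RW+).
ACL = {"gitolite-admin": {"id_rsa"}, "testing": {"@all"}, "project-euler": {"tester"}}

# Matches only lines in the shape gitolite generates: forced command first,
# remaining options without spaces, then key type and key blob.
LINE = re.compile(
    r'^command="[^"]*gl-auth-command\s+(?P<user>[^"\s]+)"\S*\s+\S+\s+(?P<blob>\S+)'
)


def key_to_user(authorized_keys):
    """Map each public-key blob to the gitolite user named in its forced command."""
    users = {}
    for line in authorized_keys.splitlines():
        m = LINE.match(line.strip())
        if m:
            users[m.group("blob")] = m.group("user")
    return users


def connect(login, offered_blob, repo, account="git"):
    """Model `git clone login@server:repo` when the client offers one key."""
    if login != account:
        # sshd checks the authorized_keys of the login account; in this model
        # (assumption) gitolite's keys are installed only for `account`.
        return "Permission denied (publickey)."
    user = key_to_user(AUTHORIZED_KEYS).get(offered_blob)
    if user is None:
        return "Permission denied (publickey)."
    allowed = ACL.get(repo, set())
    if user in allowed or "@all" in allowed:
        return f"access to {repo} granted to {user}"
    return f"R access for {repo} DENIED to {user}"


if __name__ == "__main__":
    print(connect("tester", "AAAA-PLACEHOLDER-TESTER", "project-euler"))
    print(connect("git", "AAAA-PLACEHOLDER-ADMIN", "project-euler"))
    print(connect("git", "AAAA-PLACEHOLDER-TESTER", "project-euler"))
```
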