Linux – Install gitolite without needing public key(s)

centosgitgitolitelinux

All of our developers run Windows workstations. We run a Linux development server. I've been wanting to try out running our own git server on the dev server.

After some research I've settled on trying to install gitolite. A lot of the tutorials on how to install it are very similar, I've been following this one.

One step that doesn't make much sense to me is that it wants to you generate a public key on the client machine and then upload it to the server and use it like so:

$ gl-setup YourName.pub

I don't understand what this step is for… There are going to be about a dozen client machines that I want to connect to and use the git repos… which machine is "the client" machine? Do I need to do this step more than once, one for each client machine? What happens when I need to add a new client machine later? Why is this step necessary?

I assume the keys are so that client machines can authenticate with the server without having to put in a login/password? Can't I just setup a login/password system that client workstations would use to access the git repos? Can I just integrate our LDAP logins? Are the public keys necessary?

Also, we are running Windows workstations, not linux, so generating public keys isn't as straightforward as just installing openssl and doing it.

It seems like installing something like this should be more straightforward…

Best Answer

You need to generate/add the key for each user/client machine combination that will be using gitolite. The keys get copied into your gitolite-admin/keydir directory (I use a $USERNAME-$HOSTNAME-id_rsa.pub naming convention-- not sure if that's required but it works for me). Once youve added the keys to the keydir directory then you need to update the gitolite-admin/conf/gitolite.conf file to set up the appropriate projects/user access (using $USERNAME-$HOSTNAME-id_rsa as the naming convention).

Once that is done, you can do the git add conf keydir, commit -m "blah blah blah", and git push origin master dance and, if all goes well, the apropriate users should be able to access the appropriate git repos on your server.

Edit: I don't recall what git client setup the windows users are using but it has all the pieces to generate their keys (they aren't available so I can't ask them). It did take me a couple of tried to get it figured out & working but it appears to work well once set up.

Related Solutions

Mac OSX Gitolite – How to Fix ‘Unable to Exec Git’ Error

This looks like it might be the same problem as described here:

gitolite setup on Mac => git-upload-pack: command not found

Interactive sessions don't necessarily have the same environment variables set as non-interactive sessions. Try adding the PATH to git (/usr/local/bin) to a shell init file for the git user that's read in both interactive and non-interactive sessions. If the git user's shell is bash, try ~git/.bashrc .

Gitolite Clone Issues – How to Fix Gitolite Clone Not Working on Debian

Being able to access gitolite@server:~/repositories/gitolite-admin.git, but not gitolite@server:gitolite-admin indicates you are not going “through” Gitolite, but just using plain SSH-based access to the gitolite user.

If ssh gitolite@server echo normal access yields normal access, then the key you are using is not restricted to going through Gitolite. If you were going through Gitolite you would see something like bad command: echo normal access.

This can happen if you have a key that you use to SSH into the gitolite user itself and you try to use that same key to authenticate as a Gitolite user. A “normal access” key will be present in gitolite’s .ssh/authorized_keys without any special prefix. The line for a key that is configured to go through Gitolite will start like command="/path/to/gl-auth-command gitolite-username",….

If you need normal SSH-based access to the gitolite user and Gitolite-based access, then you should setup separate keys for those purposes so that you can specify which key you want to use with IdentityFile options in your .ssh/config file (maybe also IdentitiesOnly if you find that ssh is using the “wrong” key just because you already have it loaded in your ssh-agent).

For example:

Use one of your “default” keys (one of ssh’s defaults (e.g. ~/.ssh/id_rsa) or some key that you usually have loaded in your ssh-agent) to access Gitolite (i.e. you have the public key in the active keydir/your-gitolite-user-name.pub).

Generate ~/.ssh/gitolite-user for use in directly logging into the gitolite user. Use ssh -i ~/.ssh/gitolite-user gitolite@server to login. Or, add a custom entry to ~/.ssh/config:

Host gitolite-user
              User gitolite
          HostName server
      IdentityFile ~/.ssh/gitolite-user
    IdentitiesOnly yes

so you can just do ssh gitolite-user to login.

Best Answer

Related Solutions

Mac OSX Gitolite – How to Fix ‘Unable to Exec Git’ Error

Gitolite Clone Issues – How to Fix Gitolite Clone Not Working on Debian

Related Topic