Original question: http://stackoverflow.com/questions/10843781/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow
Gitolite: adding user not working, and DENIED by fallthru when cloning as root?
Asked by Jay
I've managed to init an empty git repo on my NAS, and I attempted to add a new user by generating a new public key "foo.pub" and copying + pasting it into keydir/ and committing that and pushing it onto the NAS.
First, the files:
Here is my ~/.ssh/config file:
Host root
    HostName iptonas
    User root
    Port 123
Host foo
    HostName iptonas
    User foo
    Port 123
    identityfile ~/.ssh/foo
Grabbed a copy of gitolite-admin from NAS:
git clone ssh://root/gitolite-admin
I get:
Cloning into 'gitolite-admin'...
remote: Counting objects: 12, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 12 (delta 1), reused 0 (delta 0)
Receiving objects: 100% (12/12), done.
Resolving deltas: 100% (1/1), done.
Here is my gitolite.conf file:
repo gitolite-admin
    RW+ = git
repo testing
    RW+ = @all
repo newrepo
    RW+ = foo
    RW+ = bar
When I pushed my copy of gitolite-admin using:
git push root:gitolite-admin
I get:
Counting objects: 10, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 1.02 KiB, done.
Total 6 (delta 0), reused 0 (delta 0)
remote: Initialized empty Git repository in /root/repositories/newrepo.git/
To root:gitolite-admin
897113c..e7e2daf master -> master
Now, when I try to push to the new repo
When I try to run:
git clone foo:newrepo
I get:
Cloning into 'newrepo'...
foo@iptonas's password:
fatal: 'newrepo' does not appear to be a git repository
fatal: The remote end hung up unexpectedly
When I try to run:
git clone root:newrepo
I get:
Cloning into 'newrepo'...
FATAL: R any newrepo git DENIED by fallthru
(or you mis-spelled the reponame)
fatal: The remote end hung up unexpectedly
I'm not sure what I'm doing wrong?
I am following these instructions: http://www.nineproductions.com/linux/53-gitolite-hosting.html under "Adding Repositories and Users"
Answered by VonC
Those instructions mention cloning with a user which has an id_rsa.pub key used when installing Gitolite.
So, your account must have in its ~/.ssh the id_rsa and id_rsa.pub keys used by gitolite when declaring the 'git' user (which is the only one able to clone the gitolite-admin repo).
Now, to add a user, you not only have to declare said user in the gitolite.conf file (which you did), you also have to add his public key to the local gitolite-admin repo 'keys' directory.
- I ask Steve Franko to generate a new public/private key pair using "ssh-keygen -t dsa"
- I ask Steve Franko to send me the PUBLIC key he just generated
- I rename the public key from id_dsa.pub to sfranko.pub
- I copy the sfranko.pub key into the gitolite-admin/keydir directory
If you do both those operations before pushing back gitolite-admin, then Gitolite will declare that new user, and your git clone foo:newrepo will work.
Note that if you did the Gitolite installation with the git account as I recommended before, you should have in your config file:
Host git
    HostName iptonas
    User git
    Port 123
    Identityfile ~/.ssh/git
And do a git clone git:gitolite-admin.
The only time you should see/use root is at the beginning of the installation on the server side, in order to declare/add the git account.
After that, I really recommend you to not use/see root anywhere in your process.
Actually I did generate two key sets, so my ~/.ssh folder currently has: id_rsa, id_rsa.pub, id_foo, id_foo.pub
Your ~/.ssh folder should contain: git, git.pub, id_foo, id_foo.pub
Gitolite bases its authorization mechanism on an authentication made after the name of the public key.
Again: on the server side, you must do the gitolite installation as a user like 'git', with as an argument a /tmp/git.pub (not /tmp/id_rsa.pub)
Let's recap because there is much confusion here. Gitolite is based on ssh.
That means you need one account (here 'git') on the server side (which will be your Gitolite server), in which a ~git/.ssh/authorized_keys file will record all the Gitolite admin/users public keys.
On the client side (your user foo), you need to have (at least for your first user) the public and private keys from git, and the ones from foo.
Your ~foo/.ssh/config file will contain:
Host gitadmin
    HostName iptonas
    User git
    Port 123
    identityfile ~/.ssh/git
Host foo
    HostName iptonas
    User git
    Port 123
    identityfile ~/.ssh/foo
Note that the user for any ssh communication is always git! You always contact the Gitolite server through an ssh address like ssh://git@iptonas:123/arepo.
Except, since you have multiple SSH keys to choose from, you can type instead:
git clone gitadmin:gitolite-admin, or git clone foo:newRepo
The first command will allow you to clone the gitolite-admin repo (because you do that using git public and private ssh keys, so you have the rights to do that).
You can use that local clone to put foo.pub in the keys directory, and to declare a newRepo in the config file.
Then you push back that repo (and Gitolite does its magic, creating a new repo, adding the content of foo.pub to ~git/.ssh/authorized_keys for you, with a forced-command script in order to intercept any ssh commands emitted by foo).
(I prefer naming that ssh shortcut 'gitadmin' instead of git, even if the public/private keys are named 'git.xxx', because 'gitadmin' better conveys the intent of the ssh commands you will do with it: you will administer git access rights)
The second command allows you to clone your newRepo and to work on it.
Note that:
ssh gitadmin, or ssh foo
will display the gitolite version and the rights associated with the ssh keys used by each of the ssh shortcuts 'gitadmin' and 'foo', as defined in the ~foo/.ssh/config file.
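Added example (not part of the original question or answer, and not Gitolite's own code): a simplified model of how the rules in the question's gitolite.conf are matched against the key name, showing why the user git falls through on newrepo and which configured users have no key file. The KEYDIR listing is a constructed assumption; deny rules, groups other than @all and wildcard repos are not modelled.

```python
import re

# Constructed sample: the gitolite.conf from the question, and an assumed
# listing of keydir/ (foo.pub was added there; bar.pub is assumed missing).
CONF = """\
repo gitolite-admin
    RW+ = git
repo testing
    RW+ = @all
repo newrepo
    RW+ = foo
    RW+ = bar
"""
KEYDIR = ["git.pub", "foo.pub"]

def parse_conf(text):
    """Return {repo: [(perm, [users])]} for plain 'repo' / 'PERM = users' lines."""
    rules, current = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("repo "):
            current = line.split()[1:]
            for repo in current:
                rules.setdefault(repo, [])
        else:
            m = re.match(r"(R|RW\+?)\s*=\s*(.+)$", line)
            if m:
                for repo in current:
                    rules[repo].append((m.group(1), m.group(2).split()))
    return rules

def check_read(rules, repo, user):
    """Any matching R/RW/RW+ rule allows a read; no match is the 'fallthru' denial."""
    for _perm, users in rules.get(repo, []):
        if user in users or "@all" in users:
            return "ALLOWED"
    return "DENIED by fallthru"

def users_without_key(rules, keydir):
    """Users named in the conf that have no keydir/<user>.pub file."""
    have = {name[:-4] for name in keydir if name.endswith(".pub")}
    named = {u for rs in rules.values() for _, us in rs
             for u in us if not u.startswith("@")}
    return sorted(named - have)
```

The user argument is the Gitolite user name taken from the public key's file name (git.pub gives git), not the Unix account used for the ssh login.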