Git Server Frustration (Gitosis, Gitolite, etc)

6

17

Please excuse the frustrating undertones as I have attempted to get this set up correctly multiple times to no avail (possibly and most likely due to my ignorance, but also likely due to the lack of thorough and concise documentation).

I am trying to set up a git server so that I can share code amongst a small team of developers. Each developer may connect from multiple client PC's. I come from MS in the past so I am a bit spoiled in regards to development toolset, but it would be awesome if I could get something similar to TFS.

When trying to set up either gitosis (I understand this is deprecated for the git community per https://serverfault.com/questions/225495/ubuntu-server-gitosis-user-naming-convention) or gitolite, it seems as though as soon as I set it up I have to be extremely careful because it seems everything is balancing on toothpicks.

My latest attempt to set up a git server included moving my public key (benny.pub) from my laptop to the server, setting everything using that public key and pulling down the config to set up a repo and permissions. I then realized I want to develop on another PC so I created a new key ([email protected]) and renamed benny.pub to [email protected] which screwed things up obviously. This is where I know I was dumb by changing the name.

My question after a long-winded description is this: how can I set up a sturdy self-hosted git server with the ability to have multiple developers log in from multiple machines while maintaining security, etc? There has to be a proven technique (gitolite describes maybe 4-5 different ways...also frustrating) to do this as I'm sure I'm not the only one trying to do this exact same thing. Maybe git isn't right for my team?

Any help is greatly appreciated!

Wallflower answered 9/4, 2011 at 19:54 Comment(2)
Take gitolite, with the "from-client method": https://mcmap.net/q/745101/-gitolite-git-clone-error/…. Works like a charm. - Connatural
Also, in my opinion it is not a horrible thing to share SSH keys between systems, such as laptops and desktops. As long as each one is secure, and most importantly that the key has a passphrase. - Tomchay
15

From my experience, all you need is an SSH server with a single git account/login that you are able to connect to using one of your public keys. Install gitolite using SSH (copies gitolite from your client to the server & does the basic setup) and have your developers send you their public keys. Add these keys to the gitolite-admin repository in your ~ and push.

Why does a developer need more than one keypair in the first place, even if multiple machines are used? Such cases will neither influence how SSH handles authentication nor how gitolite handles authorization: they're still SSH keys.

  • If a developer has to use several keypairs (one for git, another for some other server), let them handle the complexity and advise them to create an entry in ~/.ssh/config for each keypair/server combination they use.

  • If a developer has a different keypair on every machine used, gitolite groups can combine several public keys:

    @agross = agross-1 agross-2

Lookeron answered 10/4, 2011 at 0:12 Comment(3)
There is no longer an option of installing gitolite through ssh. I recommend this article for gitolite + GitLab (nice UI for gitolite): blog.phusion.nl/2012/04/21/… Note that this is for Debian, but should be similar on other systems. - Oval
@Oval What do you mean "There is no longer an option of installing gitolite through ssh"? That's the default protocol. - Carlynne
@Carlynne He was talking about installation, not accessing the Git server once it is installed. As of today, Gitolite does not provide means to install through SSH. You may SSH into your server yourself, though. - Houseclean
4

A couple of pointers:

The section about git on the server on Scott Chacon's pro git book

Gitorious is FOSS

Sensualist answered 9/4, 2011 at 20:49 Comment(0)
2

I maintain a gitosis config at work, and when a developer has multiple ssh keys, all I have to do is put all these keys in the same keydir/user.pub file.

So concatenate all your keys into keydir/benny.pub and you should be all set.

Koller answered 9/4, 2011 at 20:25 Comment(2)
I don't understand how this can work. When I try that, it's written: "WARNING: a pubkey file can only have one line (key); ignoring user.pub". So no, it can't work. - Enantiomorph
Are you using gitolite or gitosis? My answer is only for gitosis, which is what we use at work. (Gitolite works differently and wants several keys in separate files.) - Koller
2

There are a few open source git hosting solutions with a web-based UI for creating repositories and adding users (like GitHub:FI)... though I don't know about restricting access:

HTH

Recusancy answered 10/4, 2011 at 18:12 Comment(0)
1

I am using Debian with every developer having an account on the server. I use ssh with private key login. Finally, a developer has to use a URL like ssh://[email protected]/git-repo/repo.git to check out or in any case interact with git on the repo.

Ingeringersoll answered 9/4, 2011 at 20:9 Comment(3)
You don't need to have a login for each developer. SSH/gitolite can handle several people behind a single git@server login, all of which are identified by their own SSH public key. - Houseclean
@Alexander, can you please describe how? - Wallflower
@Wallflower It's pretty simple: SSH only does the authentication, gitolite only handles authorization and the git protocol. A dev's public key is registered in the git user's ~/.ssh/authorized_keys. SSH will authorize/allow the dev to log in with the git account. ~/.ssh/authorized_keys also contains the "shell" to be run, which refers to gitolite's main script with the user name as the parameter. This script contains the authorization parts (it reads gitolite's config file) and will also handle the repo access. - Houseclean
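
The mechanism described in the last comment above (one git login, each public key tied to a gitolite user name by the forced command in authorized_keys), as an added example that is not part of the original thread: a short audit that maps every key to its gitolite user and flags keys that would get a normal shell on the git account. The script path, user names and key blobs are constructed for illustration.

```python
import shlex

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")
RESTRICT = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
LOCKED = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
SHELL = "/home/git/bin/gitolite-shell"  # assumed install path of gitolite's main script

# Constructed sample of the git account's ~/.ssh/authorized_keys; key blobs are placeholders.
SAMPLE = f'''# gitolite start
command="{SHELL} agross-1",{LOCKED} ssh-rsa AAAA...1 agross@laptop
command="{SHELL} agross-2",{LOCKED} ssh-ed25519 AAAA...2 agross@desktop
command="{SHELL} benny",no-pty ssh-rsa AAAA...3 benny@laptop
# gitolite end
ssh-rsa AAAA...4 admin@workstation
'''

def split_options(line):
    """Return (options, rest of line); commas and blanks inside quotes do not split."""
    if line.startswith(KEY_TYPES):          # no options: the line starts with the key type
        return [], line
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            quoted = not quoted
        if not quoted and ch in ", \t":
            opts, cur = opts + [cur], ""
            if ch != ",":                   # first unquoted blank ends the option list
                return opts, line[i:].strip()
        else:
            cur += ch
    return opts + [cur], ""

def audit(text):
    """Map each key to its gitolite user and flag keys that get more than gitolite."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        cmd = next((o[8:].strip('"') for o in opts if o.lower().startswith("command=")), None)
        args = shlex.split(cmd) if cmd else []
        low = {o.lower() for o in opts}
        missing = [] if "restrict" in low or not cmd else sorted(RESTRICT - low)
        out.append(dict(line=n, key=(rest.split(None, 2) + ["", "", ""])[2],
                        user=args[1] if len(args) > 1 else None,
                        full_shell=cmd is None, missing=missing))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, the two agross keys resolve to the user names that a gitolite group such as `@agross = agross-1 agross-2` combines, the benny key is missing three restrictions, and the last key has no forced command at all, so it logs in to a regular shell as the git user.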
0

I think the problem is that your ssh client (Windows or Linux version) is not finding the key file. I had the same problem and solved it this way:

  • In my notebook, generated the key file (rafael.nicoletti@mycorporation) in the ~/.ssh folder (where ~ is the home folder; the Windows version is the %HOME% env)
  • I added a file named config in ~/.ssh with the following content:

    IdentityFile ~/.ssh/rafael.nicoletti@corporation

In every location I want to access my git servers, I just copy those files into my %HOME% folder.

You can also put some things like this in the config file:

    IdentityFile /d/identity.key
    IdentityFile /e/identity.key
    IdentityFile /f/identity.key
    IdentityFile /.../identity.key

So the config will look for keys on removable media.

Yaker answered 27/1, 2012 at 2:57 Comment(0)
