Example of Git repository server SSH Authentication

Source: Internet
Author: User
Tags git client

Example of Git repository server SSH Authentication

Git provides three solutions for user management and management:

If everyone in the team needs to have the write permission on the repository and cannot create an account for everyone on the server, providing SSH connections is the only choice. We assume that the server used to share the repository has installed the SSH service and you access the server through it.

There are several ways to allow everyone in the team to have access.

The first method is to create an account for everyone, which is straightforward but cumbersome. It is not fun to run adduser repeatedly and set a temporary password for everyone.

The second method is to create a git account on the host so that everyone who needs to write permission can send an SSH public key and then add it to the git account ~ /. Ssh/authorized_keys file. In this way, everyone will access the host through the git account. This will not affect the submitted data-the identity used to access the host will not affect the commit records.

Another way is to allow the SSH server to authorize through an LDAP service or other configured centralized authorization mechanism. As long as everyone can gain shell access to the host, any available SSH authorization mechanism can achieve the same effect # If you need everyone in the team to have write permissions on the repository, if you cannot create an account on the server for everyone, providing an SSH connection is the only choice. We assume that the server used to share the repository has installed the SSH service and you access the server through it.

Git shared repository server: Linuxidc.lansgg.com 192.168.100.128

Git client testing machine: node1.lansgg.com 192.168.100.129

Example 1,

Git repository server, new repository, test machine to get git repository, modify, remote upload. Ssh Mode
[Root @ Linuxidc ~] # Useradd-d/opt/gitServer
[Root @ Linuxidc ~] # Echo "git" | passwd -- stdin gitServer
Change the password of your gitServer.
Passwd: All authentication tokens have been successfully updated.
[Root @ Linuxidc ~] # Yum install git-y
[Root @ Linuxidc ~] # Su-gitServer
[GitServer @ Linuxidc ~] $ Ls
[GitServer @ Linuxidc ~] $ Mkdir TestProject. git
[GitServer @ Linuxidc ~] $ Cd TestProject. git/
[GitServer @ Linuxidc TestProject. git] $ git -- bare init
Initialized empty Git repository in/opt/gitServer/TestProject. git/
[GitServer @ Linuxidc TestProject. git] $ ls
Branches config description HEAD hooks info objects refs

Customer Testing Machine

[Root @ node1 ~] # Useradd-d/opt/gitServer
[Root @ node1 ~] # Echo "gitServer" | passwd -- stdin gitServer
Change the password of your gitServer.
Passwd: All authentication tokens have been successfully updated.
[Root @ node1 ~] # Su-gitServer
[Root @ node1 ~] # Git clone gitServer@192.168.100.128:/opt/gitServer/TestProject. git
Initialized empty Git repository in/root/TestProject/. git/
The authenticity of host '192. 168.100.128 (192.168.100.128) 'can't be established.
RSA key fingerprint is 9f: 32: 3a: b0: db: 03: b6: c8: fc: a0: 47: 6c: e5: d1: b0: 6a.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '192. 168.100.128 '(RSA) to the list of known hosts.
GitServer@192.168.100.128's password:
Warning: You appear to have cloned an empty repository.
[Root @ node1 ~] # Ls
Anaconda-ks.cfg install. log install. log. syslog TestProject
[Root @ node1 ~] # Cd TestProject/
[Root @ node1 TestProject] # echo "test file"> test. file
[Root @ node1 TestProject] # git add test. file
[Root @ node1 TestProject] # git config -- global user. name "gitServer"
[Root @ node1 TestProject] # git config -- global user. email git@lansgg.com
[Root @ node1 TestProject] # git commit-m "test commit" test. file
[Master 96bf273] test commit
1 files changed, 1 insertions (+), 1 deletions (-)
[GitServer @ node1 TestProject] $ git remote add test_remote_origin ssh: // 192.168.100.128/opt/gitServer/TestProject. git
[GitServer @ node1 TestProject] $ git push test_remote_origin master
GitServer@192.168.100.128's password:
Counting objects: 5, done.
Writing objects: 100% (3/3), 252 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh: // 192.168.100.128/opt/gitServer/TestProject. git
7e2e4a4 .. 96bf273 master-> master

Git repository Server

[GitServer @ Linuxidc TestProject. git] $ git log
Commit 96bf2738c6602283ea91778b999f7adf66c0082c
Author: gitServer <gitServer@lansgg.com>
Date: Tue Sep 22 17:05:12 2015 plus 0800
 
Test commit

We can find a directory to clone and check whether the submitted test. file exists.

[Root @ Linuxidc ~] # Mkdir/opt/tt
[Root @ Linuxidc ~] # Cd/opt/tt
[Root @ Linuxidc tt] # git clone gitServer@192.168.100.128:/opt/gitServer/TestProject. git
Initialized empty Git repository in/opt/tt/TestProject/. git/
The authenticity of host '192. 168.100.128 (192.168.100.128) 'can't be established.
RSA key fingerprint is 9f: 32: 3a: b0: db: 03: b6: c8: fc: a0: 47: 6c: e5: d1: b0: 6a.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '192. 168.100.128 '(RSA) to the list of known hosts.
GitServer@192.168.100.128's password:
Remote: Counting objects: 6, done.
Remote: Compressing objects: 100% (2/2), done.
Processing objects: 100% (6/6), 435 bytes, done.
Remote: Total 6 (delta 0), reused 0 (delta 0)
[Root @ Linuxidc tt] # ls
TestProject
[Root @ Linuxidc tt] # cd TestProject/
[Root @ Linuxidc TestProject] # ls
Test. file
[Root @ Linuxidc TestProject] # cat test. file
Test file abc
[Root @ Linuxidc TestProject] #

Example 2,

Create two accounts user1 user2 on the test machine and upload the key to the git repository,

[Root @ node1 ~] # Useradd-d/opt/user1 user1
[Root @ node1 ~] # Echo "user1" | passwd -- stdin user1
Change the password of user1.
Passwd: All authentication tokens have been successfully updated.
[Root @ node1 ~] # Useradd-d/opt/user2 user2
[Root @ node1 ~] # Echo "user2" | passwd -- stdin user2
Change the password of user2.
Passwd: All authentication tokens have been successfully updated.
[Root @ node1 ~] #

[Root @ node1 ~] # Su-user1
[User1 @ node1 ~] $ Ssh-keygen-t rsa
[Root @ node1 ~] # Su-user2
[User1 @ node1 ~] $ Ssh-keygen-t rsa

Add the public keys of user1 and user2 to the git repository server.

[User2 @ node1. ssh] $ pwd
/Opt/user2/. ssh
[User2 @ node1. ssh] $ ll
Total usage 8
-Rw -------. 1 user2 user2 1671 September 22 17:18 id_rsa
-Rw-r --. 1 user2 user2 404 September 22 17:18 id_rsa.pub
[User2 @ node1. ssh] $ cat id_rsa.pub
Ssh-rsa Secure/secure/Gf16CWRMm8xuyA + secure + ux/secure/0ruX8vSFsFLev8 + yi7LjccChAu/suPIFGLqRXrkW8ymsN/l3CkldnS9Y0BQ = user2@node1.lansgg.com
[User2 @ node1. ssh] $

Git repository Service side

[GitServer @ Linuxidc ~] $ Mkdir. ssh & chmod 700. ssh
[GitServer @ Linuxidc ~] $ Touch. ssh/authorized_keys & chmod 600. ssh/authorized_keys

[GitServer @ Linuxidc ~] $ Cat. ssh/authorized_keys
Ssh-rsa keys/keys + keys/LEyXGYh + fyg8tFQ + keys + Y/il7lquwkrdVBiWfWHmf/keys + cores + nXUQYEnTrWyIiqt8/xvzmeDIf0Q = user1@node1.lansgg.com
Ssh-rsa Secure/secure/Gf16CWRMm8xuyA + secure + ux/secure/0ruX8vSFsFLev8 + yi7LjccChAu/suPIFGLqRXrkW8ymsN/l3CkldnS9Y0BQ = user2@node1.lansgg.com
[GitServer @ Linuxidc ~] $

User name and password are not required for the client Test Machine

[User1 @ node1 ~] $ Git clone gitServer@192.168.100.128:/opt/gitServer/TestProject. git
Initialized empty Git repository in/opt/user1/TestProject/. git/
The authenticity of host '192. 168.100.128 (192.168.100.128) 'can't be established.
RSA key fingerprint is 9f: 32: 3a: b0: db: 03: b6: c8: fc: a0: 47: 6c: e5: d1: b0: 6a.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '192. 168.100.128 '(RSA) to the list of known hosts.
Remote: Counting objects: 9, done.
Remote: Compressing objects: 100% (3/3), done.
Remote: Total 9 (delta 0), reused 0 (delta 0)
Grouping objects: 100% (9/9), done.
[User1 @ node1 ~] $

If the following error is prompted During the submission process:

Counting objects: 3, done.
Writing objects: 100% (3/3), 247 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
Remote: error: refusing to update checked out branch: refs/heads/master
Remote: error: By default, updating the current branch in a non-bare repository
Remote: error: is denied, because it will make the index and work tree inconsistent
Remote: error: with what you pushed, and will require 'git reset -- hard' to match
Remote: error: the work tree to HEAD.
Remote: error:
Remote: error: You can set 'receive. denycurrentbranch' configuration variable
Remote: error: 'ignore' or 'warn' in the remote repository to allow pushing
Remote: error: its current branch; however, this is not recommended unless you
Remote: error: arranged to update its work tree to match what you pushed in some
Remote: error: other way.
Remote: error:
Remote: error: To squelch this message and still keep the default behaviour, set
Remote: error: 'receive. denycurrentbranch' configuration variable to 'refuse '.

Try to add the following configuration

[Git @ JumpServer1 pl. git] $ cat. git/config
[Receive]
DenyCurrentBranch = ignore

Submit again

GitHub Tutorials:

GitHub tutorials

Git tag management details

Git branch management

Git remote repository details

Git local Repository (Repository) Details

Git server setup and Client installation

Git Overview

Share practical GitHub tutorials

How to Build and use Git servers in Ubuntu

Git details: click here
Git: click here

This article permanently updates the link address:

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.