Git warehouse server SSH authentication Example

Source: Internet
Author: User
Tags git client ssh server

Git in user management and management, the following three ways to solve:

Providing an SSH connection is the only option if you need everyone on the team to have write access to the repository, and you can't create an account for everyone on the server. We assume that the server used to share the repository already has the SSH service installed and that you access the server through it.

There are several ways to get everyone in the team access.


The first option is to create an account for everyone, straightforward but cumbersome. It's not fun to run AddUser repeatedly and set a temporary password for everyone.

The second option is to set up a Git account on the host, have each person who requires write permission to send an SSH public key, and then add it to the GIT account's ~/.ssh/authorized_keys file. This way, everyone will access the host through a git account. This does not affect the data being submitted-the identity of the access host does not affect the record of the commit.

Another option is to have the SSH server authorize through an LDAP service, or other centralized authorization mechanisms that are already set up. As long as everyone can get access to the host's shell, any available SSH authorization mechanism can achieve the same effect # if you need everyone on the team to have write access to the repository, and cannot set up an account on the server for everyone, then providing an SSH connection is the only option. We assume that the server used to share the repository already has the SSH service installed and that you access the server through it.

Git shared warehouse server: Aries.lansgg.com 192.168.100.128

GIT client test machine: node1.lansgg.com 192.168.100.129


Method One example,

Git repository server, new warehouse, test machine get git repository, modify, remote upload. SSH mode

[[email protected] ~]# useradd-d/opt/gitserver gitserver[[email protected] ~]# echo "git" |passwd--stdin gitserver change user g Itserver's password. PASSWD: All the authentication tokens have been successfully updated. [[email protected] ~]# yum install git-y[[email protected] ~]# su-gitserver[[email protected] ~]$ Ls[[email protected] ~]$ mkdir testproject.git[[email protected] ~]$ CD Testproject.git/[[email protected] testproject.git]$ git--bare initin  itialized empty Git repository In/opt/gitserver/testproject.git/[[email protected] testproject.git]$ lsbranches Config Description HEAD Hooks Info Objects Refs

Customer testing machine

[[email protected] ~]# useradd -d /opt/gitserver gitserver[[email protected ] ~]# echo  "Gitserver"  |passwd --stdin gitserver change user  gitServer  's password  . passwd:  all the authentication tokens have been successfully updated. [[email protected] ~]# su - gitserver[[email protected] ~]# git  clone [email protected]:/opt/gitserver/testproject.gitinitialized empty git  repository in /root/testproject/.git/the authenticity of host  ' 192.168.100.128   (192.168.100.128) '  can ' t be established. rsa key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a. are you sure you want to continue connecting  (yes/no)?  yesWarning : permanently added  ' 192.168.100.128 '   (RSA)  to the list of known  hosts. [email protected] ' S password: waRning: you appear to have cloned an empty repository. [[Email protected] ~]# lsanaconda-ks.cfg  install.log  install.log.syslog   TestProject[[email protected] ~]# cd TestProject/[[email protected]  testproject]# echo  "Test file"  > test.file[[email protected] testproject ]# git add test.file [[email protected] testproject]# git config  --global user.name  "Gitserver" [[email protected] testproject]# git config - -global user.email [email protected][[email protected] testproject]# git  commit -m  "Test commit"  test.file[master 96bf273] test commit 1  Files changed, 1 insertions (+),  1 deletions (-) [[email protected]  Testproject]$ git remote adD test_remote_origin ssh://192.168.100.128/opt/gitserver/testproject.git[[email protected]  testproject]$ git push test_remote_origin master[email protected] ' s  Password: counting objects: 5, done. writing objects: 100%  (3/3),  252 bytes, done. total 3  (delta 0), reused 0  (delta 0) to ssh://192.168.100.128/opt/ Gitserver/testproject.git   7e2e4a4. 96bf273  master -> master

Git repository server

[[email protected] testproject.git]$ git logcommit 96bf2738c6602283ea91778b999f7adf66c0082cauthor:gitserver <[ Email protected]>date:tue Sep 17:05:12 +0800 Test Commit

We can find a directory clone to see if there is a test.file that has just been submitted.

[[email protected] ~]# mkdir /opt/tt[[email protected] ~]# cd /opt/tt[ [email protected] tt]# git clone [email protected]:/opt/gitserver/ testproject.gitinitialized empty git repository in /opt/tt/testproject/.git/the  authenticity of host  ' 192.168.100.128  (192.168.100.128) '  can ' t be  Established. rsa key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a. are you sure you want to continue connecting  (yes/no)?  yesWarning : permanently added  ' 192.168.100.128 '   (RSA)  to the list of known  hosts. [email protected] ' s password: remote: counting objects: 6, done.remote:  Compressing objects: 100%  (2/2),  done. receiving objects: 100%  (6/6),  435 bytes, done.remote: total 6  (delta 0), reused 0  (delta 0) [[email protected]  tt]# lstestproject[[email protected] tt]# cd testproject/[[email protected ] testproject]# lstest.file[[email protected] testproject]# cat test.file  test file abc[[email protected] testproject]#

Method two examples,

Create two accounts user1 user2 on the test machine, upload the secret key to the Git warehouse side separately,

[[email protected] ~]# useradd-d/opt/user1 user1[[email protected] ~]# echo "user1" |passwd--stdin user1 change user user1 password 。 PASSWD: All the authentication tokens have been successfully updated. [[email protected] ~]# useradd-d/opt/user2 user2[[email protected] ~]# echo "user2" |passwd--stdin user2 change user user2 password 。 PASSWD: All the authentication tokens have been successfully updated. [Email protected] ~]#
[[email protected] ~]# su-user1[[email protected] ~]$ ssh-keygen-t rsa[[email protected] ~]# su-user2[[email protecte D] ~]$ ssh-keygen-t RSA

Add the User1, User2 user's public key to the GIT repository server side

[[email protected]. ssh]$ pwd/opt/user2/.ssh[[email protected]. ssh]$ ll total dosage 8-rw-------. 1 user2 user2 1671 September 17:18 id_rsa-rw-r--r--. 1 user2 user2 404 September 17:18 id_rsa.pub[[email protected]. ssh]$ Cat id_rsa.pub Ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqeap0i m8il7ur2b0pwrj98yy/nqvjnuywnc2f52syn1/wa8rwgbww0wbmkmoyw8yfspcvk7qbyhx48y3kf/gf16cwrmm8xuya+ s5seq3zgnlbbvhb0omo8vdaldovniupdi6005+ux/ Wbg1fkr3wxgs5k92zo9hbxxpcvawpvhy47t1v2lh5fw2jthypwmoludp9tany7fkd2zaunhbdqm1w67osydihamfj183seso9tykixjvwljeldumfywptwfvq u2rxv0ly68b2mwr1pl5mcgpa4/0rux8vsfsflev8+yi7ljccchau/supifglqrxrkw8ymsn/l3ckldns9y0bq== [Email Protected][[email Protected]. ssh]$

Git repository service side

[[email protected] ~]$ mkdir .ssh &&  chmod 700 .ssh[[email protected] ~]$ touch .ssh/authorized_keys & & chmod 600 .ssh/authorized_keys 
[[email protected] ~]$ cat .ssh/authorized_keys  ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqea1pii1u64n/wl1oxotwdcu8d8+ ad0q6tkqdbgxlcr5zqxiq9ppe1nelj5hs9uivzen/leyxgyh+fyg8tfq+ 2pn3cmxnvwwcciyl1akagtekudleh8qcxpzki0yzbpgtbuywyhnja6qd9cvjsdke9cvvwsv7n1z17mx1uifnsusz9e4xqusjksbazayegar4s13 +y/il7lquwkrdvbiwfwhmf/woey2rnznbe9ytpvfupl8heoyyyau+ Yxxmzkoz8jwulu1cpdjhtqustyqdewmgjwddoiipgtyvoevgzc0cqv16m2ypvqw26rrz+nxuqyentrwyiiqt8/xvzmedif0q== [email  protected]ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqeap0im8il7ur2b0pwrj98yy/nqvjnuywnc2f52syn1/ wa8rwgbww0wbmkmoyw8yfspcvk7qbyhx48y3kf/gf16cwrmm8xuya+s5seq3zgnlbbvhb0omo8vdaldovniupdi6005+ux/ Wbg1fkr3wxgs5k92zo9hbxxpcvawpvhy47t1v2lh5fw2jthypwmoludp9tany7fkd2zaunhbdqm1w67osydihamfj183seso9tykixjvwljeldumfywptwfvq u2rxv0ly68b2mwr1pl5mcgpa4/0rux8vsfsflev8+yi7ljccchau/supifglqrxrkw8ymsn/l3ckldns9y0bq== [email  protected][[email protected] ~]$ 

Customer test machine    No user name, password

[[email protected] ~]$ git clone [email  protected]:/opt/gitserver/testproject.gitinitialized empty git repository in /opt/ user1/testproject/.git/the authenticity of host  ' 192.168.100.128  (192.168.100.128) '  can ' t be established. rsa key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a. are you sure you want to continue connecting  (yes/no)?  yesWarning : permanently added  ' 192.168.100.128 '   (RSA)  to the list of known  hosts.remote: Counting objects: 9, done.remote: Compressing objects:  100%  (3/3), done.remote: total 9  (delta 0), reused 0  (delta  0) receiving objects: 100%  (9/9),  done. [[email protected] ~]$ 


If the submission process: Prompt for the following error

Counting objects: 3, done. writing objects: 100%  (3/3),  247 bytes | 0 bytes/s, done. total 3  (delta 0), reused 0  (delta 0) remote: error: refusing  to update checked out branch: refs/heads/masterremote: error: by  default, updating the current branch in a non-bare  repositoryremote: error: is denied, because it will make the  index and work tree inconsistentremote: error: with what you  pushed, and will require  ' Git reset --hard '  to matchremote: error :  the work tree to head.remote: error:remote: error: you can  set  ' receive.denycurrentbranch '  configuration variable toremote: error:  ' Ignore '  or  ' warn '  in the remote repository to allow pushing intoremote:  error: its current branch; however, this is not recommended  unless youremote: error: arranged to update its work tree  To match what you pushed in someremote: error: other way.remote:  error:remote: error: to squelch this message and still keep  the default behaviour, setremote: error:  ' Receive.denycurrentbranch '   configuration variable to  ' refuse '.

Try adding the following configuration to the

[[email protected] pl.git]$ cat. Git/config [receive] Denycurrentbranch = Ignore

Submit again

This article is from the "Big Wind" blog, please be sure to keep this source http://lansgg.blog.51cto.com/5675165/1697247

Git warehouse server SSH authentication Example

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.