1

I am trying to set up a Git server on a Debian server, but can not seem to add users that can successfully access it.

After doing gitosis-init, and cloning the gitosis-admin repository and adding the public key of the local machine in to the /keydir, and edit the gitosis.conf file, I commit and push. Just as many of the tutorials tell me to.

I have confirmed that the gitosis-admin repository has been updated correctly by cloning it to another location, and the updates have been made.

gitosis.conf

[gitosis] [group gitosis-admin] writable = gitosis-admin members = saifis@debian, saifis@local

Now, I try to clone gitosis-admin to a file on my local machine, and it gives a 

Permission denied (publickey).

error.

ssh -v gitosis@DebianAddress gives me 

OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22. debug1: Connection established. debug1: identity file /Users/saifis/.ssh/identity type -1 debug1: identity file /Users/saifis/.ssh/id_rsa type 1 debug1: identity file /Users/saifis/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5 debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.xxx.xxx' is known and matches the RSA host key. debug1: Found key in /Users/saifis/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey ----------------- debug1: Trying private key: /Users/saifis/.ssh/identity debug1: Trying private key: /Users/saifis/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey).

I do not think its a key related problem since the same public key is used to signing in to the same server via SSH, and that works fine.

If anymore information is needed please fill me in.

---Added---- About the ~/gitosis/.ssh/authorized_keys. As my understanding, since authorized git users access via SSH through gitosis account, adding the public key to the authorized_keys does sound like the right answer, however at the top of the file, it has 

### autogenerated by gitosis, DO NOT EDIT

not saying I should blindly follow what ever it says, but adding the public key to authorized_keys would give all the users added in it access to the entire server via ssh, and I do not want to give that much control over to just repository users.

I thought that gitosis took care of that and only gave access when being accessed by the git methods, and not direct ssh access, or do they get added to authorized_keys anyway?

Improve this question
2
  • 1
    You put the public key in ~gitosis/.ssh/authorized_keys? Commented Nov 13, 2010 at 13:33
  • But wouldn't that give users added to the authorized_keys login access to the entire server via SSH? I only want them to be able to use git, and not access to the whole server Commented Nov 14, 2010 at 7:10

1 Answer 1

Reset to default
1

Before you've pushed anything, the only key that has any rights to the gitosis account is the one you passed to gitosis-init. That other keys have access to your regular user account is irrelevant. Compare the key in ~gitosis/.ssh/authorized_keys and ssh-add -L.

Gitosis works like this: on each push, a post-update hook runs and gitosis regenerates authorized_keys for its own account. If it didn't pick up your key, it most likely wasn't in the format gitosis expects. Since the hook is post-update the update will have been accepted even if it was invalid (gitosis could be more strict by having both an update and a post-update hook). Make a trivial change and push again from the host that has the initial key to look at gitosis error's messages. Adding the key to authorized_keys manually involves duplicating the correct line, replacing the key type, key data and username.

Improve this answer
4
  • 1
    ssh-add -L gave me The agent has no identities. Shouldn't adding the public keys to the keydir directory in the gitosis-admin repos and pushing it make it able to access through the gitosis account? Commented Nov 14, 2010 at 3:53
  • 1
    I misread, I didn't think you had been able to push. Now you need to check that the gitosis hook has run satisfactorily, so do look at the authorized_keys . Next, maybe look at the sshd logs. Commented Nov 14, 2010 at 3:58
  • authorized_keys only contain the public key that was used to initialize gitosis, will look into the sshd logs Commented Nov 14, 2010 at 8:52
  • Thanks, your additional information provided me with the information I needed. The permission for post-update was not set to be executable. I had seen this in some of the tutorials, but mistakenly set post-commit to executable, and not post-update. Anyway, you saved the week-end for me, thanks a lot. Commented Nov 14, 2010 at 13:54

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.