我已在服务器(例如)gitolite-admin.git上成功创建了10.107.105.13个repo。我可以通过发布10.14.42.7在我的本地计算机(例如)git clone gitolite@10.107.105.13:gitolite-admin上克隆此存储库。我必须在.ssh/config文件中添加一些行以确保使用正确的私钥。
然后我将用户dilawar添加到conf/gitolite.conf文件,并将相应的密钥dilawar.pub添加到keys文件夹。我已经添加并将此提交提交给gitolite-admin repo。我还在.ssh/conf文件中添加了一个条目,以便使用正确的私钥。但是当我尝试git clone dilawar@10.107.105.13:testing时,gitolite要求输入密码。我的印象是我不必在10.107.105.13上创建用户dilawar。我已通过登录服务器检查存储库testing.git是否存在以及公共密钥dilawar.pub已添加到.ssh/authorized_keys。
我还尝试ssh -vvvv dilawar@10.107.105.13检查是否提供了正确的文件。这是我的.ssh/conf文件。
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/gitolite
Host 10.107.105.13
HostName 10.107.105.13
User dilawar
IdentityFile ~/.ssh/id_rsa
我做错了什么?
答案 0 :(得分:9)
在配置文件中,我看到:
User dilawar
那是错的。与gitolite服务器的ssh通信始终使用同一帐户(此处为gitolite)完成。
使用的私钥有什么变化,这将有助于gitolite确定您的身份。
~/.ssh/config文件应该是什么样的:
Host admin
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/gitolite
Host dilawar
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/id_rsa
要克隆gitolite-admin,您可以使用:
git clone admin:gitolite-admin
对于克隆,回购dilawar可以访问:
git clone dilawar:aRepo
点击“Gitolite: adding user not working, and DENIED by fallthru when cloning as root?”了解更多信息 另请参阅“how gitolite uses ssh”
将公钥添加到服务器的
~git/.ssh/authorized_keys文件是ssh如何使用pubkeys对用户进行身份验证。
假设sita@work.station正在尝试以git@server身份登录 您需要做的是在工作站上获取用户~sita/.ssh/id_rsa.pub的{{1}}文件,并将其内容(请记住它只有一行)附加到用户{{1}的sita服务器上的。authorized_keys文件可以添加多个公钥(来自许多不同的人),因此任何公钥都可以登录
~git/.ssh/authorized_keys。
答案 1 :(得分:3)
我通过使用gitolite用户名克隆存储库来实现它。
git clone gitolite@server:repo
如果成功添加了键,则进一步拉动和推动将顺利进行。
我接受VomC答案作为更好的答案。
答案 2 :(得分:1)
VonC's answer是关键,但我遇到了一个极端情况,值得将来的搜索者提及。
即使您做的一切正确,如VonC的回答,ControlPath的某种标准设置也会使事情搞砸。
我在~/.ssh/config中有两个用户,如下所示:
Host gitolite
HostName <whatever>
User git
IdentityFile ~/.ssh/gitolite
Host username
HostName <whatever>
User git
IdentityFile ~/.ssh/username
从理论上讲,这应该可以让我运行git clone git@username:reponame,但是服务器一直认为我试图以gitolite管理员(其无权克隆该存储库)的身份来复制该存储库。作为gitolite用户(确实具有克隆存储库的权限)。
问题是在“所有主机”部分中,我有以下内容:
Hosts *
# other stuff that doesn't matter
ControlPath ~/.ssh/ssh-%r@%h:%p
如果您没有立即看到它(我没有!),问题在于%r@%h%p(= username@hostname:port)的扩展名与相同 gitolite和用户名条目。他们都是git@hostname:port!一旦意识到这一点,那就很容易解决。只需为这两个用户将区别元素添加到更具体的ControlPath条目中即可。例如,
Host gitolite
HostName <whatever>
User git
IdentityFile ~/.ssh/gitolite
ControlPath ~/.ssh/gitolite-admin-%r@%h:%p
Host username
HostName <whatever>
User git
IdentityFile ~/.ssh/username
ControlPath ~/.ssh/gitolite-telemachus-%r@%h:%p
答案 3 :(得分:0)
我必须修改#include <iostream>
#include <ctime>
#if defined(_MSC_VER)
#include <cstdint>
#include <windows.h>
#define timesruct LARGE_INTEGER
#define dotick(v) QueryPerformanceCounter(&v)
timesruct freq;
#else
#define timesruct struct timespec
#define dotick(v) clock_gettime(CLOCK_MONOTONIC, &v)
#endif
static const std::size_t bit_size = sizeof(uint64) * 8;
template < std::size_t X, std::size_t Y >
static void pack512to320_loop(const uint64 (&array512bits)[X], uint64 (&array320bits)[Y])
{
const uint64* start = array512bits;
const uint64* end = array512bits + (X-1);
uint64 tmp = *start;
uint64 tmask = 0;
int i = 0, tot = 0, stot = 0, rem = 0, z = 0;
bool excess = false;
// this line is only here for validities sake,
// it was commented out during testing for performance
for (z = 0; z < Y; ++z) { array320bits[z] = 0; }
while (start <= end) {
while (stot < bit_size) {
array320bits[i] |= ((tmp & 0x00000000000003FF) << tot);
tot += 10; // increase shift left by 10 bits
tmp = tmp >> 16; // shift off 2 bytes
stot += 16; // increase shifted total
if ((excess = ((tot + 10) >= bit_size))) { break; }
}
if (stot == bit_size) {
tmp = *(++start); // get next value
stot = 0;
}
if (excess) {
rem = (bit_size - tot); // remainder bits to shift off
tot = 0;
// create the mask
tmask = 0;
for (z = 0; z < rem; ++z) { tmask |= (1 << z); }
// get the last bits
array320bits[i++] |= ((tmp & tmask) << (bit_size - rem));
// shift off and adjust
tmp = tmp >> rem;
rem = (10 - rem);
// new mask
tmask = 0;
for (z = 0; z < rem; ++z) { tmask |= (1 << z); }
array320bits[i] = (tmp & tmask);
tot += rem; // increase shift left by remainder bits
tmp = tmp >> (rem + 6); // shift off 2 bytes
stot += 16;
excess = false;
}
}
}
template < std::size_t X, std::size_t Y >
static void pack512to320_manual_loop(const uint64 (&array512bits)[X], uint64 (&array320bits)[Y])
{
if (((X == 0) || (X % 8 != 0)) || ((Y == 0) || (Y % 5 != 0)) || ((X < Y) || (Y % X != Y))) {
// handle invalid sizes how you need here
std::cerr << "Invalid sizes!" << std::endl;
return;
}
uint64* a320 = array320bits;
const uint64* end = array512bits + (X-1);
for (const uint64* a512 = array512bits; a512 < end; a512 += 8) {
*a320 = (
(a512[0] & 0x00000000000003FF) | // 10 -> 10
((a512[0] & 0x0000000003FF0000) >> 6) | // 10 -> 20
((a512[0] & 0x000003FF00000000) >> 12) | // 10 -> 30
((a512[0] & 0x03FF000000000000) >> 18) | // 10 -> 40
((a512[1] & 0x00000000000003FF) << 40) | // 10 -> 50
((a512[1] & 0x0000000003FF0000) << 34) | // 10 -> 60
((a512[1] & 0x0000000F00000000) << 28)); // 4 -> 64
++a320;
*a320 = (
((a512[1] & 0x000003F000000000) >> 36) | // 6 -> 6
((a512[1] & 0x03FF000000000000) >> 42) | // 10 -> 16
((a512[2] & 0x00000000000003FF) << 16) | // 10 -> 26
((a512[2] & 0x0000000003FF0000) << 10) | // 10 -> 36
((a512[2] & 0x000003FF00000000) << 4) | // 10 -> 46
((a512[2] & 0x03FF000000000000) >> 2) | // 10 -> 56
((a512[3] & 0x00000000000000FF) << 56)); // 8 -> 64
++a320;
*a320 = (
((a512[3] & 0x0000000000000300) >> 8) | // 2 -> 2
((a512[3] & 0x0000000003FF0000) >> 14) | // 10 -> 12
((a512[3] & 0x000003FF00000000) >> 20) | // 10 -> 22
((a512[3] & 0x03FF000000000000) >> 26) | // 10 -> 32
((a512[4] & 0x00000000000003FF) << 32) | // 10 -> 42
((a512[4] & 0x0000000003FF0000) << 26) | // 10 -> 52
((a512[4] & 0x000003FF00000000) << 20) | // 10 -> 62
((a512[4] & 0x0003000000000000) << 14)); // 2 -> 64
++a320;
*a320 = (
((a512[4] & 0x03FC000000000000) >> 50) | // 8 -> 8
((a512[5] & 0x00000000000003FF) << 8) | // 10 -> 18
((a512[5] & 0x0000000003FF0000) << 2) | // 10 -> 28
((a512[5] & 0x000003FF00000000) >> 4) | // 10 -> 38
((a512[5] & 0x03FF000000000000) >> 10) | // 10 -> 48
((a512[6] & 0x00000000000003FF) << 48) | // 10 -> 58
((a512[6] & 0x00000000003F0000) << 42)); // 6 -> 64
++a320;
*a320 = (
((a512[6] & 0x0000000003C00000) >> 22) | // 4 -> 4
((a512[6] & 0x000003FF00000000) >> 28) | // 10 -> 14
((a512[6] & 0x03FF000000000000) >> 34) | // 10 -> 24
((a512[7] & 0x00000000000003FF) << 24) | // 10 -> 34
((a512[7] & 0x0000000003FF0000) << 18) | // 10 -> 44
((a512[7] & 0x000003FF00000000) << 12) | // 10 -> 54
((a512[7] & 0x03FF000000000000) << 6)); // 10 -> 64
++a320;
}
}
static void pack512to320_manual(uint64 (&a512)[8], uint64 (&a320)[5])
{
a320[0] = (
(a512[0] & 0x00000000000003FF) | // 10 -> 10
((a512[0] & 0x0000000003FF0000) >> 6) | // 10 -> 20
((a512[0] & 0x000003FF00000000) >> 12) | // 10 -> 30
((a512[0] & 0x03FF000000000000) >> 18) | // 10 -> 40
((a512[1] & 0x00000000000003FF) << 40) | // 10 -> 50
((a512[1] & 0x0000000003FF0000) << 34) | // 10 -> 60
((a512[1] & 0x0000000F00000000) << 28)); // 4 -> 64
a320[1] = (
((a512[1] & 0x000003F000000000) >> 36) | // 6 -> 6
((a512[1] & 0x03FF000000000000) >> 42) | // 10 -> 16
((a512[2] & 0x00000000000003FF) << 16) | // 10 -> 26
((a512[2] & 0x0000000003FF0000) << 10) | // 10 -> 36
((a512[2] & 0x000003FF00000000) << 4) | // 10 -> 46
((a512[2] & 0x03FF000000000000) >> 2) | // 10 -> 56
((a512[3] & 0x00000000000000FF) << 56)); // 8 -> 64
a320[2] = (
((a512[3] & 0x0000000000000300) >> 8) | // 2 -> 2
((a512[3] & 0x0000000003FF0000) >> 14) | // 10 -> 12
((a512[3] & 0x000003FF00000000) >> 20) | // 10 -> 22
((a512[3] & 0x03FF000000000000) >> 26) | // 10 -> 32
((a512[4] & 0x00000000000003FF) << 32) | // 10 -> 42
((a512[4] & 0x0000000003FF0000) << 26) | // 10 -> 52
((a512[4] & 0x000003FF00000000) << 20) | // 10 -> 62
((a512[4] & 0x0003000000000000) << 14)); // 2 -> 64
a320[3] = (
((a512[4] & 0x03FC000000000000) >> 50) | // 8 -> 8
((a512[5] & 0x00000000000003FF) << 8) | // 10 -> 18
((a512[5] & 0x0000000003FF0000) << 2) | // 10 -> 28
((a512[5] & 0x000003FF00000000) >> 4) | // 10 -> 38
((a512[5] & 0x03FF000000000000) >> 10) | // 10 -> 48
((a512[6] & 0x00000000000003FF) << 48) | // 10 -> 58
((a512[6] & 0x00000000003F0000) << 42)); // 6 -> 64
a320[4] = (
((a512[6] & 0x0000000003C00000) >> 22) | // 4 -> 4
((a512[6] & 0x000003FF00000000) >> 28) | // 10 -> 14
((a512[6] & 0x03FF000000000000) >> 34) | // 10 -> 24
((a512[7] & 0x00000000000003FF) << 24) | // 10 -> 34
((a512[7] & 0x0000000003FF0000) << 18) | // 10 -> 44
((a512[7] & 0x000003FF00000000) << 12) | // 10 -> 54
((a512[7] & 0x03FF000000000000) << 6)); // 10 -> 64
}
template < std::size_t N >
static void printit(uint64 (&arr)[N])
{
for (std::size_t i = 0; i < N; ++i) {
std::cout << "arr[" << i << "] = " << arr[i] << std::endl;
}
}
static double elapsed_us(timesruct init, timesruct end)
{
#if defined(_MSC_VER)
if (freq.LowPart == 0) { QueryPerformanceFrequency(&freq); }
return (static_cast<double>(((end.QuadPart - init.QuadPart) * 1000000)) / static_cast<double>(freq.QuadPart));
#else
return ((end.tv_sec - init.tv_sec) * 1000000) + (static_cast<double>((end.tv_nsec - init.tv_nsec)) / 1000);
#endif
}
int main(int argc, char* argv[])
{
uint64 val = 0x039F039F039F039F;
uint64 a512[] = { val, val, val, val, val, val, val, val };
uint64 a320[] = { 0, 0, 0, 0, 0 };
int max_cnt = 1000000;
timesruct init, end;
std::cout << std::hex;
dotick(init);
for (int i = 0; i < max_cnt; ++i) {
pack512to320_loop(a512, a320);
}
dotick(end);
printit(a320);
// rough estimate of timing / divide by iterations
std::cout << "avg. us = " << (elapsed_us(init, end) / max_cnt) << " us" << std::endl;
dotick(init);
for (int i = 0; i < max_cnt; ++i) {
pack512to320_manual(a512, a320);
}
dotick(end);
printit(a320);
// rough estimate of timing / divide by iterations
std::cout << "avg. us = " << (elapsed_us(init, end) / max_cnt) << " us" << std::endl;
dotick(init);
for (int i = 0; i < max_cnt; ++i) {
pack512to320_manual_loop(a512, a320);
}
dotick(end);
printit(a320);
// rough estimate of timing / divide by iterations
std::cout << "avg. us = " << (elapsed_us(init, end) / max_cnt) << " us" << std::endl;
return 0;
}
并将/etc/ssh/sshd_config(用户)添加到以git开头的行。
然后我不得不将git添加到一个sysadmin组,该组也允许在以AllowUsers开头的sshd_config行上。
请勿忘记使用AllowGroups重新启动ssh守护程序。
注意:我没有sudo service ssh restart或者按照之前的建议将公钥添加到ssh-copy-id(gitolite&#39; s开发人员建议不要使用此btw。)
答案 4 :(得分:0)
由于我的配置,我遇到了同样的问题,使用了不同的解决方案。我将我的gitolite用户设置为“git”所以我需要du git clone git@server:repo.git