gitolite asks the user for a password

Time: 2012-06-06 00:01:39

Tags: gitolite

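I have successfully created the gitolite-admin.git repo on the server (say) 10.107.105.13. I can clone this repo on my local machine (say) 10.14.42.7 by issuing git clone gitolite@10.107.105.13:gitolite-admin. I had to add some lines to my .ssh/config file to make sure that the correct private key is used.

Then I added a user dilawar to the conf/gitolite.conf file and the corresponding key dilawar.pub to the keys folder. I have added and committed this change to the gitolite-admin repo. I have also added an entry to the .ssh/conf file so that the correct private key is used. But when I try git clone dilawar@10.107.105.13:testing, gitolite asks for a password. I am under the impression that I do not have to create the user dilawar on 10.107.105.13. I have checked, by logging in to the server, that the repository testing.git exists and that the public key dilawar.pub has been added to .ssh/authorized_keys.

I also tried ssh -vvvv dilawar@10.107.105.13 to check whether the correct file is being offered. Here is my .ssh/conf file.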

HostName 10.107.105.13 
    User gitolite
    IdentityFile ~/.ssh/gitolite

Host 10.107.105.13
    HostName 10.107.105.13 
    User dilawar 
    IdentityFile ~/.ssh/id_rsa

What am I doing wrong?

5 answers:

Answer 0: (score: 9)

In your config file, I see:

User dilawar

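That is wrong. ssh communication with a gitolite server is always done using the same account (here gitolite).
What changes is the private key used, which helps gitolite determine your identity.

What your ~/.ssh/config file should look like: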

Host admin
    HostName 10.107.105.13 
    User gitolite
    IdentityFile ~/.ssh/gitolite

Host dilawar
    HostName 10.107.105.13 
    User gitolite
    IdentityFile ~/.ssh/id_rsa

To clone gitolite-admin, you would use:

git clone admin:gitolite-admin

To clone a repo that dilawar has access to:

git clone dilawar:aRepo

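See "Gitolite: adding user not working, and DENIED by fallthru when cloning as root?" for more. See also "how gitolite uses ssh":

  Adding a public key to the server's ~git/.ssh/authorized_keys file is how ssh uses pubkeys to authenticate users.
  Let's say sita@work.station is trying to log in as git@server. What you need to do is take the ~sita/.ssh/id_rsa.pub file for user sita on the workstation and append its contents (remember it is only one line) to ~git/.ssh/authorized_keys for user git on the server.

  The authorized_keys file can have multiple public keys (from many different people) added to it, so that any of them can log in to git@server.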

Answer 1: (score: 3)

I got it working by cloning the repository with the gitolite username.

git clone gitolite@server:repo 

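If the keys were added successfully, further pulls and pushes will go smoothly.

I am accepting VonC's answer as the better answer.

Answer 2: (score: 1)

VonC's answer is the key, but I ran into a corner case that is worth mentioning for future searchers.

Even if you do everything right, as in VonC's answer, a certain standard setting for ControlPath can mess things up.

I had two users in ~/.ssh/config, as follows: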

Host gitolite
    HostName <whatever> 
    User git
    IdentityFile ~/.ssh/gitolite

Host username
    HostName <whatever> 
    User git
    IdentityFile ~/.ssh/username

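In theory, this should let me run git clone git@username:reponame, but the server kept thinking that I was trying to clone the repository as the gitolite admin (who does not have permission to clone that repository) rather than as the gitolite user (who does have permission to clone it).

The problem was that in the "all hosts" section, I had the following: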

Host *
    # other stuff that doesn't matter
    ControlPath ~/.ssh/ssh-%r@%h:%p

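If you don't see it right away (I didn't!), the problem is that the expansion of %r@%h:%p (= username@hostname:port) is the same for the gitolite and the username entries. They are both git@hostname:port! Once I realized that, it was an easy fix. Just add a distinguishing element to a more specific ControlPath entry for each of the two users. For example: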

Host gitolite
    HostName <whatever> 
    User git
    IdentityFile ~/.ssh/gitolite
    ControlPath ~/.ssh/gitolite-admin-%r@%h:%p

Host username
    HostName <whatever> 
    User git
    IdentityFile ~/.ssh/username
    ControlPath ~/.ssh/gitolite-telemachus-%r@%h:%p
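
The collision described in this answer can be checked for mechanically. The following is an added example, not part of the original answer: a small Python check that expands %r, %h and %p for every Host alias and reports aliases that end up on the same ControlPath (and so the same shared connection) while using different IdentityFile values. The host git.example.test and the function names are assumptions; negated patterns, Match blocks and Include are not handled.

```python
import fnmatch
from collections import defaultdict
# Constructed sample of the colliding setup; git.example.test is a placeholder host.
BROKEN = """\
Host gitolite
    HostName git.example.test
    User git
    IdentityFile ~/.ssh/gitolite
Host username
    HostName git.example.test
    User git
    IdentityFile ~/.ssh/username
Host *
    ControlPath ~/.ssh/ssh-%r@%h:%p
"""
# The same file with the per-host ControlPath lines from the answer added.
FIXED = (BROKEN
    .replace("/.ssh/gitolite\n", "/.ssh/gitolite\n    ControlPath ~/.ssh/gitolite-admin-%r@%h:%p\n")
    .replace("/.ssh/username\n", "/.ssh/username\n    ControlPath ~/.ssh/gitolite-telemachus-%r@%h:%p\n"))

def parse(text):
    """Return [(host_patterns, {option: value})] in file order."""
    blocks = []
    for raw in text.splitlines():
        key, value = (raw.split(None, 1) + ["", ""])[:2]
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        elif blocks and value and not key.startswith("#"):
            blocks[-1][1].setdefault(key.lower(), value.strip())
    return blocks

def controlpath_collisions(text):
    """Return {expanded ControlPath: {alias: IdentityFile}} for paths shared by different keys."""
    blocks = parse(text)
    aliases = [p for pats, _ in blocks for p in pats if not set(p) & set("*?!")]
    sockets = defaultdict(dict)
    for alias in aliases:
        o = {}
        for patterns, block in blocks:
            if any(fnmatch.fnmatchcase(alias, p) for p in patterns):
                o = {**block, **o}  # first value seen for an option wins, as in ssh
        path = o.get("controlpath", "none")
        for token, key, default in (("%r", "user", "<local-user>"), ("%h", "hostname", alias), ("%p", "port", "22")):
            path = path.replace(token, o.get(key, default))
        if path.lower() != "none":
            sockets[path][alias] = o.get("identityfile")
    return {p: ids for p, ids in sockets.items() if len(set(ids.values())) > 1}

print(controlpath_collisions(BROKEN), controlpath_collisions(FIXED))
```

An empty result for your own config means no two aliases with different keys share a control socket path.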

Answer 3: (score: 0)

I had to modify /etc/ssh/sshd_config and add git (the user) to the line starting with AllowUsers. Then I also had to add git to a sysadmin group that is also allowed on the sshd_config line starting with AllowGroups.

Don't forget to restart the ssh daemon with sudo service ssh restart.

Note: I did not have to run ssh-copy-id or add the public keys as previously suggested (gitolite's developer advises against this, btw).

Answer 4: (score: 0)

I had the same problem, with a different solution because of my configuration. I had set up my gitolite user as "git", so I needed to do git clone git@server:repo.git