Authenticating users in git repository

Question

I have set up a new git repository and added only one public key of a developer to the authorized_keys file. But all the other users from other systems are also able to clone the contents of my git repo without being added in this file.

Where am I doing a mistake ? Can anyone guide me?

My ultimate aim is to have read/write access to only a set of developers and not to all the users.

Thanks

Answer 1

the "authorized_keys" file just tells the server which user can logon without providing a password; this has nothing to do with git access. If you want to manager read/write access to git repositories there are different strategies possible, but these are a few propositions:

• gitolite
• gitlab
• gitorious

gitolite requires much more manual manipulation to get this working (my experience); especially to make it working with LDAP access.

gitlab is my personal favorite; since bitnami provided a "one-click" installer that gave me a clean web interface that is well hosted and is easy to manage read/write access for each repository etc.

Answer 2

If those other users have an access to your server in any way (https, git:// protocol, shared folder), they would be able to clone your repo.

You need to make sure what url they are using (probably not an ssh one, since their public key isn't registered)

If you want to limit and control the access to your repo through ssh, you can consider installing gitolite.
See "How do programs like gitolite work?" for more.