Reputation: 13733
I've got an issue with other users being able to connect to my gitolite server.
Everything is working fine on my end (I'm the admin and also did the gl-easy-install) - however, I've requested a pub from another user and added it to the keydir, along with adding their permissions to the gitolite-admin repo in the conf file. I git add and commit those files, and push them back up to the gitolite server. Everything looks good.
I told the user to try git clone [email protected]:gitolite-admin.git and they get a permission error. The command hooks are in the git user's authorized_keys file, so I'm a little confused as to what I'm missing.
I saw in some other answers that the correct address to use is [email protected]:gitolite-admin.git, but based on the authorized_keys file, that doesn't seem at all correct.
Help is much appreciated, thanks for your expertise!
Upvotes: 3
Views: 1452
Reputation: 863
Make sure that the user who is trying to access the repository is trying to access from the same user account and with its corresponding rsa key.
For example: if you have added the root user public key to gitolite-admin and the user is trying to access from his sudo user account, it wouldn't work.
Upvotes: 0
Reputation: 23514
Usually these problems have to do with the permissions on the connecting user's files in their .ssh directory. Make sure their id files are only readable by themselves (400). Also, make sure that the .ssh directory and all parent directories are not writable by anyone other than root and the user. For example, their directories should have permissions like so:
$ ls -ld . home home/prentice home/prentice/.ssh/
drwxr-xr-x 22 root root 4096 2011-04-28 09:47 .
drwxr-xr-x 4 root root 4096 2010-11-17 22:19 home
drwxr-xr-x 75 prentice prentice 4096 2011-06-15 13:56 home/prentice
drwx------ 2 prentice prentice 4096 2011-04-20 08:07 home/prentice/.ssh/
Otherwise, ssh will reject their identity because it can be read or modified by others. Same goes for your authorized_keys file. If it can be modified by others (either directly, or by modifying the directories above it), ssh will not use it.
Upvotes: 3
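The permission rules in the answer above can be checked with a short script. This is an added example, not part of the original answers: the function names and the TOP_DIR argument are made up here, and it checks permission bits only, not file ownership.

```shell
#!/bin/sh
# Added example: check the permission rules from the answer above.
# Usage: sh ssh_perm_audit.sh HOME_DIR [TOP_DIR]   (absolute paths, no trailing slash)
# TOP_DIR is where the upward directory walk stops (default: /).

# has_any PATH BIT...: true if PATH has at least one of the octal permission bits set
has_any() {
    p=$1; shift
    for b in "$@"; do
        if [ -n "$(find -L "$p" -prune -perm "-$b" 2>/dev/null)" ]; then return 0; fi
    done
    return 1
}

# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
ssh_perm_audit() {
    home=$1; top=${2:-/}; rc=0

    # .ssh and every directory above it must not be writable by group or others
    dir=$home/.ssh
    while :; do
        if [ -d "$dir" ] && has_any "$dir" 020 002; then
            echo "FAIL: $dir is writable by group or others"; rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then break; fi
        dir=$(dirname "$dir")
    done

    # private key files (id_* without .pub) must carry no group/other bits at all
    for f in "$home"/.ssh/id_*; do
        case $f in *.pub) continue ;; esac
        if [ -f "$f" ] && has_any "$f" 040 020 010 004 002 001; then
            echo "FAIL: $f is accessible by group or others"; rc=1
        fi
    done

    # authorized_keys must not be writable by group or others
    f=$home/.ssh/authorized_keys
    if [ -f "$f" ] && has_any "$f" 020 002; then
        echo "FAIL: $f is writable by group or others"; rc=1
    fi
    return $rc
}

# Run the audit only when the script is given arguments.
if [ "$#" -gt 0 ]; then ssh_perm_audit "$@"; fi
```

Run it against the connecting user's home directory on their machine, and against the git user's home directory on the server for the authorized_keys check.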
Reputation: 129584
Do a ssh -vvvv [email protected] on your machine. You will see what keys are offered. Now do the same on this user's machine. Also please post your config file for gitolite and, if you guys have them, the ~/.ssh/config files. Replace any sensitive repo with something generic.
(upvoted your question)
Upvotes: 6