On Fri, Sep 25, 2009 at 07:10:07AM +0100, Howard Miller wrote:
> 2009/9/24 Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx>:
> > Heiko Voigt <hvoigt@xxxxxxxxxx> writes:
> >
> >> On Thu, Sep 24, 2009 at 03:51:44PM +0100, Howard Miller wrote:
> >> Not much different. It uses the command feature of the authorized_keys
> >> file of ssh to limit access to the 'gitosis-serve' command which is
> >> given the username from the gitosis.conf as argument.
> >
> > ... the username -> key association being done in gitosis's
> > configuration itself (the key held in keydir/foobar is the one of user
> > foobar).
> >
> Yes, I realise that the association is done in gitosis' config file,
> but that is exactly my question - how does that association work?
>
> To take a step back - I have to put a name (or a name@hostname) in the
> configuration file. How do I know what that should be in the general
> sense?

Anything you like. The username is deducted from the filename in the
keydir file as Matthieu already pointed out.

e.g:

    keydir/hvoigt.pub <--- file contains my public key

gitosis.conf contents:

    [group hvoigt-projects]
    members = hvoigt
    writable = myproject

That would give access to git@yourserver:myproject.git to the key in
hvoigt.pub.

Technically it's done using an update hook on the server which is run
when you push the configuration repository. It scans the config and
installs the keys in the authorized_keys file of the git user.

The above would look something like this in the git user's home dir:

.ssh/authorized_keys:

    command="gitosis-serve hvoigt",no-port-forwarding,no-X11-forwarding,\
    no-agent-forwarding,no-pty ssh-dss AAAA... hvoigt@localhost

Because ssh can match the key you are using to one of such lines the
gitosis-serve command is given the according username.

Does this make it a little bit clearer?
cheers Heiko
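The keydir-to-authorized_keys mapping described in the message above, as an added example (not part of the original message and not gitosis's own code). It renders one forced-command line per key file and audits an authorized_keys listing for entries that lack the restriction; the function names, the allowed user-name character set and the sample keys are assumptions made for this example.

```python
import re

# Options taken from the authorized_keys line shown in the message above.
RESTRICT = ["no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding", "no-pty"]
# Assumption of this example: a conservative character set for user names.
SAFE_USER = re.compile(r"[A-Za-z0-9_.@-]+")
ENTRY = re.compile(
    r'^command="gitosis-serve (?P<user>[^"\s]+)"(?P<opts>(?:,[A-Za-z0-9-]+)*) \S+ \S+')


def render(keydir):
    """keydir maps file names (e.g. 'hvoigt.pub') to public key text."""
    lines = []
    for name, pubkey in sorted(keydir.items()):
        user, pubkey = name[:-len(".pub")], pubkey.strip()
        # The file name ends up inside a quoted command string, so reject
        # anything that could break out of it (quotes, spaces, newlines).
        if not name.endswith(".pub") or not SAFE_USER.fullmatch(user):
            raise ValueError(f"unsafe key file name: {name!r}")
        # An embedded newline would smuggle in a second, unrestricted entry.
        if "\n" in pubkey or "\r" in pubkey:
            raise ValueError(f"{name}: key must be a single line")
        # In the real file each entry is one line (no backslash continuation).
        lines.append(f'command="gitosis-serve {user}",{",".join(RESTRICT)} {pubkey}')
    return lines


def audit(lines):
    """Return (line_number, problem) for entries that are not fully restricted."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = ENTRY.match(line.strip())
        if not match:
            findings.append((number, "no gitosis-serve forced command"))
            continue
        missing = set(RESTRICT) - set(match["opts"].split(","))
        if missing:
            findings.append((number, "missing " + ",".join(sorted(missing))))
    return findings


# Constructed sample data, not real keys.
SAMPLE = {"hvoigt.pub": "ssh-ed25519 AAAAC3constructedkey hvoigt@localhost\n"}
if __name__ == "__main__":
    print(render(SAMPLE)[0])
    print(audit(render(SAMPLE) + ["ssh-ed25519 AAAAC3constructedkey admin@localhost"]))
```

An entry flagged with "no gitosis-serve forced command" is a key that sshd would accept for the git account without routing it through gitosis-serve.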