Jakub Narebski <jnareb@xxxxxxxxx> writes: > On Thu, 1 Oct 2009, Eugene Sajine wrote: > >> Thanks to everybody for prompt answers! > > You are welcome! > >> There is one thing I'm still missing though. Do I understand correctly that >> if a person has an ssh access (account) to the host in internal network, >> then this won't be enough for him to be able to push to the repo? Should we >> still go through the hassle of managing the ssh keys for each particular >> user who is supposed to have push access? > > Yes, it is enough to push (and fetch) via SSH protocol. To be a bit more precise: roughly, there are two ways to manage access to a Git repo via SSH: * One unix user (typically called "git") managing the repository, and eveybody connecting to the repo via ssh://git@.... Then, if you want any access control within the owned repositories for this user, you need a key-based authentication to be able to distinguish who's connecting. This is what gitorious does. * Everyone has its own unix account, and the repository is shared (via ACLs or simple group-based permissions, see git init --shared). Then, each user can choose the way he prefers for authentication, and if the user has an unrestricted account (i.e. can write ~/.ssh/authorized_keys), then it's the job of the users to manage this, not the one of the sysadmin. -- Matthieu Moy http://www-verimag.imag.fr/~moy/ -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html