woods.art
: Home Docs Downloads - Git repos

git and ssh Key Info

ssh Keys for git

Key Management

The best approach in my experience is to create another key for each git server or service. One for this, one for github, one for gitlab, etc. This allows for the moving of keys while not messing with your default keys used for normal ssh usage. Plus this allows for keys without passwords which is nice for git but not so nice for ssh login security.

Key Generation

I generally just amend the default key path with the service it's for. Like as follows:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/id_rsa_gitserver
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa_gitserver
Your public key has been saved in /home/user/.ssh/id_rsa_gitserver.pub
The key fingerprint is:
...

.ssh/config Entry

Now that you have a key, having an .ssh/config entry for it will make your life a lot easier. This is an example of one.

Host gits
  Hostname somegitserver.com
  User git
  Port 22
  IdentityFile ~/.ssh/id_rsa_gitserver

Clearly one must fill this in with the correct info. This means that when you're using git all you have to do is:

$ git clone gits:user/repo.git

rather than something like:

$ GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_gitserver" git clone git@somegitserver.com:22/user/repo.git

git for the Server

gitolite Setup

Users can create their own repos. This is a VERY basic example:

$ git remote add gserv git@server:username/repo.git
$ git push --up-stream geserv

I suggest reading up on git but this shows you just have to put it to correct directory in gitolite, the username/repo.git.

gitolite Interface

See the gitolite docs and to get help on the commands

$ ssh git@server help
$ ssh git@server info -h
$ ssh git@server desc -h
$ ssh git@server perms -h

All this is fine and all, but these are some example of how to actually use them:

$ ssh git@server info # see what repos you have or have access to
$ ssh git@server desc username/repo.git # see current description
$ ssh git@server desc username/repo.git "this is a new description"
$ ssh git@server perms username/repo.git -l #list users
$ ssh git@server perms username/repo.git -lr #list rulesets
$ ssh git@server perms username/repo.git + READERS tim #adds tim's RO access
$ ssh git@server perms username/repo.git - WRITERS john #removes john's RW access

To get a repo to show up in cgit, just add gitweb as a READER so:

ssh git@server perms username/repo.git + READERS gitweb