gitosis asking for password

10.6k views Asked by At

I have setup a gitosis server following instructions from here. It works fine for the initial user but I have recently added a new user. Here are the steps I took.

  • Created an rsa keypair using ssh-keygen with filename johndoe.
  • Then copied it to the keydir in gitosis admin repo.
  • Edited the gitosis config file and added user johndoe to the list of members
  • Commited the changes using git commit -a -m "what i did"
  • Pushed the changes to the server

After that I tried to check out with the new keyfile. It asks for the passphrase and when I enter it correctly, it the asks for the password for user git!!! There is not password for user git.

Now I have turned off PasswordAuthentication in sshd_config and now it says 'Permission denied (publickey). I have checked the git user's authorized_keys file and only one key is authorized inside it, i.e. the initial key for the gitosis admin.

I have also double checked the permissions on the ./gitosis-admin.git/hooks/post-update hook and it has 755

7

There are 7 answers

3
ebneter On

Gitosis is kind of stupid — is the filename you used for the keyfile literally "johndoe"? If so, change that:

git mv keydir/johndoe keydir/johndoe.pub
git commit -m "changed key name"
git push

and try again.

Also, as Arlen Cuss points out, make sure it actually is the public key, not the private key.

0
amelia On

Make sure you're putting your public key inside your gitosis repo, and not your private one!

When you generate a keyfile, you'll get a .pub file—use that one, but put the name in your gitosis.conf without the .pub.

0
lutinwood On

Hi, I had the same problem, and I finally found a way out.

I had to follow the instructions given by many websites, but each time after

git clone git@[serveur_name]:gitosis-admin.git

It was asking password for GIT.

Resolution: I have inserted the admin public key (the one created on my client user; then imported into the server's tmp directory) inside my authorized_keys file (located in the /home/git/.ssh/ directory of the server) and it works now.

 cp authorized_keys authorized_keys.bak
 cat /tmp/id_dsa_git.pub >> authorized_keys

I found this @ http://fclose.com/b/linux/366/set-up-git-server-through-ssh-connection/

0
Marcus E On

Make sure you have also added (git add) the .pub-files, and committed and pushed them properly to the repository.

0
Interlated On

Most likely what happened is that the post-update hook didn't run properly.

Check that ~git/.ssh/authorized_keys has your public key in it.

If not, the post-update hook didn't run. Permissions which have subsequently been changed? Some other configuration error. Copied from somewhere else?

  1. On the server, checkout gitosis admin: git clone /path/to/gitosis-admin.git. Make an insignificant change to gitosis.conf. Check that your public key is in keydir. I had to run this as the git user.

  2. Commit gitosis.conf. git add gitosis.conf && git commit -m "refresh keys".

  3. Now check authorized_keys file.

  4. Change gitosis.conf back and commit again.

Test access. If authorized_keys isn't updated after this process, look in logs for error messages.

0
omni On

one thing that often goes wrong for windows users and isn't catched by most of the tutorials out there (since they assume you're on a linux client)

msysgit, the windows git console, is looking for your private key at /home/YOURUSERNAME/.ssh/id_rsa which at windows is (Windows 7) C:\Users\YOURUSERNAME.ssh\id_rsa

while most get it right with the folder, since its created automaticly, they miss that the file HAS TO be named "id_rsa" or it wont be used by msysgit. I didn't find a way to tell msysgit to use other keys

0
Zack On

I recently ran into this issue with a private repository for work. I came across this answer and read the answers; this and this did the trick.

To sum it up for posterity, make sure you add the .pub key to the gitosis-admin/keydir directory. It has to be a .pub file.

Commit & Push your changes to gitosis-admin.

Your ~/.ssh/authorized_keys will be automatically updated so no need to cat-redirect the output of your public key file to it.

Hope this helps