gits - run Git while using a predefined private SSH key

gits - Git shared

Note

The instructions below haven't been checked. Please check them and make any necessary corrections. Thanks.

The problem

Multiple users need to e.g. do deployment on a server. Every user has their own SSH key on the server. On the machine with your shared Git repositories, you need to allow access to every user and add their keys. Lots of work.

It isn't possible to tell Git to use a specific SSH key when contacting a remote repository.

The solution

gits is a wrapper script around the git binary. It forces Git to use a fixed shared SSH key.

Installation

Copy gits to the server. We use /etc/gits/gits as the path for it, but you may prefer /usr/local/gits or whatever. In any case, make it executable:

sudo mkdir /etc/gits
sudo cp gits /etc/gits/gits
sudo chmod a+x /etc/gits/gits

Add everyone who is going to use gits to a common group:

sudo adduser johndoe www-data

Create an SSH key with ssh-keygen and move the private key to /etc/gits/server_key:

ssh-keygen
sudo mv ~/.ssh/id_rsa /etc/gits/server_key
sudo chmod 440 /etc/gits/server_key
sudo chgrp www-data /etc/gits/server_key

Add the public key ~/.ssh/id_rsa.pub to your shared Git repository, e.g. Gitolite.

Modify the default umask for Git users (or all users) to allow group read+write access by default for newly created files and directories. On an Ubuntu system it looks like this is done globally in /etc/login.defs by changing:

UMASK        022

to:

UMASK        002

Usage

Clone a repository:

/etc/gits/gits clone git@my.git.server:my-repository

Make it owned by the shared group and set the setgid bit on its directories so the group of files and directories persists:

chgrp -R www-data my-repository
find my-repository -type d -exec chmod g+s {} +

Make some commits, push them, and do a pull as another user:

cd my-repository
/etc/gits/gits pull

How does it work?

Honestly, I can't figure it out any more. I copied it from some guy on the internet.

#!/bin/bash
#
# gits - run Git while using a predefined private SSH key
#
# Usage examples:
#
#   gits clone git@git.domain.com:repository.git
#   gits pull
#
# Server key must be in /etc/gits/server_key
#
if [ "" == "$1" ]; then
    echo "Usage: $0 clone git@git.domain.com:repository.git"
    echo "       $0 pull"
    exit 1
fi
if [ "1" != "$_GIT_WRAPPER" ]; then
    # First pass (run by the user): make Git call this script as its SSH program.
    _GIT_WRAPPER=1 GIT_SSH="$0" git "$@"
    # Return Git's exit status so callers can detect failures.
    exit $?
else
    # Second pass (run by Git via GIT_SSH): connect with the shared key.
    exec ssh -i /etc/gits/server_key "$@"
fi
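
The script's two passes can be traced without touching a real server. This is an added example, not part of the gist: it rebuilds the wrapper's two branches in a temporary directory with the key path as a parameter, and swaps in stub git and ssh programs (the host and repository names are constructed) to show the command line that ssh ends up receiving.

```shell
# Added demonstration, not part of the gist. Stub "git" and "ssh" programs
# stand in for the real ones, so no network access or real key is needed.

# trace_gits KEY_PATH: print the arguments the stub ssh finally receives.
trace_gits() {
    key=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/bin"

    # Same two-branch logic as the gist's script; the key path is a parameter
    # here (assumption: the gist hard-codes /etc/gits/server_key).
    cat > "$work/gits" <<EOF
#!/bin/sh
if [ "1" != "\$_GIT_WRAPPER" ]; then
    # Pass 1, run by the user: tell Git to use this script as its ssh program.
    _GIT_WRAPPER=1 GIT_SSH="\$0" git "\$@"
else
    # Pass 2, run by Git through GIT_SSH: insert the shared key.
    exec ssh -i "$key" "\$@"
fi
EOF

    # Stub git: like real Git, runs $GIT_SSH with the host and remote command.
    # The host and repository names are constructed sample values.
    cat > "$work/bin/git" <<'EOF'
#!/bin/sh
exec "$GIT_SSH" git@git.example.com "git-upload-pack 'repository.git'"
EOF

    # Stub ssh: print its arguments instead of connecting.
    cat > "$work/bin/ssh" <<'EOF'
#!/bin/sh
printf '%s\n' "$*"
EOF
    chmod +x "$work/gits" "$work/bin/git" "$work/bin/ssh"

    # Run the wrapper with the stubs first on PATH and a clean environment.
    ( unset _GIT_WRAPPER GIT_SSH; PATH="$work/bin:$PATH" "$work/gits" pull )
    status=$?
    rm -rf "$work"
    return $status
}

trace_gits /etc/gits/server_key
```

The `_GIT_WRAPPER` variable is what tells the second invocation that it is being called by Git rather than by the user; without it the script would call git again and recurse.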