Getting git daemon to work with key+passphrase

144 views
Skip to first unread message

Erik Pukinskis

unread,
May 7, 2008, 8:09:20 PM5/7/08
to Gitorious
Hello,

I'm trying to get gitorious up and running on forkolator.org. Things
are going well, the front end is working, I figured out the task
queue, etc. I'm stuck on a problem though:

When I try to push some changes up to my server, instead of asking for
the passphrase for my key, it asks me for g...@forkolator.org's
password. I'm running the git daemon as root (I know, maybe a bad
idea?) by running script/git-daemon. And it looks like my public key
is in /root/.ssh/authorized_keys. That file looks like:

### START KEY 1 ###
command="gitorious erik",no-port-forwarding,no-X11-forwarding,no-agent-
forwarding,no-pty ssh-dss AAAAB3NzaC1kc3MAAA
etc...

I can push just fine to gitorious.org with the same key, so it must be
something wrong with my server configuration. Does anyone have any
ideas what might be going wrong?

Or failing that... can anyone give me some guidance on where to look
debugging-wise? I've spent most of the day poking around and haven't
had much luck. My best guess is that it has something to do with
what's happening in the strainer class, and the SSH module, but I'm
not sure.

Thanks for any help you can offer!

Erik

Johan Sørensen

unread,
May 8, 2008, 8:54:00 AM5/8/08
to gito...@googlegroups.com
Hi,

First off, don't run it as root. Really.

OK, so the git-daemon is for the git:// protocol only, you can't push
to it. Pushing is done over SSH. So, the command="gitorious erik" part
of the publickey entry is the one that does some sanity and permission
checking (aborting early if it fails), by running the gitorious bin
(so it needs to be somewhere in the ssh daemons $PATH, I symlink mine
from RAILS_ROOT/script/gitorious to /bin/gitorious), and passed your
username (which in turn is coupled to the publickey following it) and
the path to the repos you want to push to. It checks permissions by
asking the app for it, or aborts or gives the a-ok if everything is
fine.


By the way, I hope you'll be able to contribute back to Gitorious,
it's kinda weird there's already two forks (the other being
"appcast"), when I still consider gitorious to be pretty early on
feature wise. :)

>
> Thanks for any help you can offer!
>
> Erik

Cheers,
JS

Erik Pukinskis

unread,
May 11, 2008, 10:22:48 AM5/11/08
to Gitorious
> OK, so the git-daemon is for the git:// protocol only, you can't push
> to it. Pushing is done over SSH. So, the command="gitorious erik" part
> of the publickey entry is the one that does some sanity and permission
> checking (aborting early if it fails), by running the gitorious bin
> (so it needs to be somewhere in the ssh daemons $PATH, I symlink mine
> from RAILS_ROOT/script/gitorious to /bin/gitorious), and passed your
> username (which in turn is coupled to the publickey following it) and
> the path to the repos you want to push to. It checks permissions by
> asking the app for it, or aborts or gives the a-ok if everything is
> fine.

Aahhhhh! That makes sense. That's working now, thanks! I've been
keeping track of everything that needs to be done to set up Gitorious
and it's posted here:

http://erikonrails.wordpress.com/2008/05/11/how-to-get-gitorious-running-on-your-own-server/

I'll add that stuff to the HACKING file as soon as I figure out the
ultrasphinx stuff and graph_generator, and the other bits and pieces I
have left to configure.

> By the way, I hope you'll be able to contribute back to Gitorious,
> it's kinda weird there's already two forks (the other being
> "appcast"), when I still consider gitorious to be pretty early on
> feature wise. :)

Yeah, I'd love not to fork Gitorious, and keep our source trees
synced, or at least keep them compatible with one another. The only
reason to fork would be if you decide you don't want to use some of
the stuff I implement.

Anyway, thanks for writing all this great code for us to work with!
And sorry for the spam from running the Rspec tests. I changed the
email address in my tree so it goes to me instead of you. I wonder if
there's some way to have a TEST_EMAIL setting in gitorious.yml and use
that instead of hard-coding your email address into the fixtures.

Best,

Erik

Erik

Johan Sørensen

unread,
May 12, 2008, 7:23:17 AM5/12/08
to gito...@googlegroups.com
On Sun, May 11, 2008 at 4:22 PM, Erik Pukinskis <erikpu...@gmail.com> wrote:

> email address in my tree so it goes to me instead of you. I wonder if
> there's some way to have a TEST_EMAIL setting in gitorious.yml and use
> that instead of hard-coding your email address into the fixtures.

There's no reason to send out emails in the test (or development)
environment. That's the default too, so you must've changed it.

$ grep delivery_method config/environments/test.rb
config.action_mailer.delivery_method = :test

>
> Best,
>
> Erik

Cheers,
JS

Erik Pukinskis

unread,
May 12, 2008, 1:57:31 PM5/12/08
to gito...@googlegroups.com
On Mon, May 12, 2008 at 4:23 AM, Johan Sørensen <jo...@johansorensen.com> wrote:
>
> There's no reason to send out emails in the test (or development)
> environment. That's the default too, so you must've changed it.
>
> $ grep delivery_method config/environments/test.rb
> config.action_mailer.delivery_method = :test

Oh, I see. I added a new delivery_method, which overrode that
setting. Thanks for letting me know.

Erik

Reply all
Reply to author
Forward
0 new messages