how to clone gerrit repo by using the username "git" git@mygerrit.com

刘壮

Nov 2, 2023, 10:28:52 AM
to Repo and Gerrit Discussion
The GitLab / GitHub websites offer a way to download a repo by using "git clone g...@github.com" as long as you set your public_key in your account config.

But on my company's Gerrit website, I can only use "git clone myuse...@mygerrit.com" to download a repo.

When I use "git clone g...@mygerrit.com", Permission denied (publickey) is reported.

I want to find a way to clone a Gerrit repo by using the username "git": g...@mygerrit.com

So, any help is appreciated! Thanks in advance.

Andrew Grimberg

Nov 2, 2023, 11:27:22 AM
to 刘壮, Repo and Gerrit Discussion
Unless your username is "git" you won't be able to. The underlying
authentication system of Gerrit requires that you use a unique username
for connection.

> so, any help is appreciated!  thanks in advance.

Sven Selberg

Nov 3, 2023, 2:24:53 AM
to Repo and Gerrit Discussion
On Thursday, November 2, 2023 at 4:27:22 PM UTC+1 Andrew Grimberg wrote:
> On 11/2/23 07:28, 刘壮 wrote:
>> The GitLab / GitHub websites offer a way to download a repo by using "git
>> clone g...@github.com" as long as you set your public_key in your
>> account config.
>>
>> But on my company's Gerrit website, I can only use "git clone
>> myuse...@mygerrit.com" to download a repo.
>>
>> When I use "git clone g...@mygerrit.com", Permission denied (publickey)
>> is reported.
>>
>> I want to find a way to clone a Gerrit repo by using the username "git":
>> g...@mygerrit.com
>
> Unless your username is "git" you won't be able to. The underlying
> authentication system of Gerrit requires that you use a unique username
> for connection.

True, but...
If you
* have a git user on the server and you can
* set up an `authorized_keys` file, for that user, with SSH public keys that you extract from Gerrit and
* in that `authorized_keys` file you map each public key with a command that redirects the call to Gerrit through the suexec command:
   https://gerrit-review.googlesource.com/Documentation/cmd-suexec.html

You should accomplish a hack that allows Gerrit users to issue `git clone ssh://g...@gerrit.company.com/my/project`, if the user is using an SSH key that is registered to Gerrit (is mapped in the `authorized_keys` file of the `git` user).
Fair warning is that it will become a dependency that will be difficult, and potentially take a long time, to get rid of.

A more straightforward way to let you issue the command is to set an instead-of in your ~/.gitconfig file:
```
[url "ssh://gerrit.company.com:29418"]
    insteadOf = ssh://g...@gerrit.company.com
```
or from your example
```
```
Depending on which alias you want to use.
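
An added example, not part of the thread: a way to check, without contacting any server, that the `insteadOf` rule above rewrites the `git@` alias as intended. It assumes the alias is spelled `ssh://git@gerrit.company.com` (the address in the thread is obfuscated) and uses a throwaway HOME so the real `~/.gitconfig` is untouched; `resolve_with_alias` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: resolve a URL through an isolated global git config that
# holds only the rewrite rule from the post above.
# Assumption: the alias prefix is "ssh://git@gerrit.company.com".
# `git ls-remote --get-url` prints the URL after insteadOf rewriting and
# does not open a connection.
resolve_with_alias() {
    url=$1
    tmp_home=$(mktemp -d) || return 1
    result=$(
        # Isolate from the caller's own global and system git config.
        HOME=$tmp_home; export HOME
        GIT_CONFIG_NOSYSTEM=1; export GIT_CONFIG_NOSYSTEM
        unset XDG_CONFIG_HOME GIT_CONFIG_GLOBAL
        cd "$tmp_home" || exit 1
        # Same rule as the [url ...] section, written via the CLI.
        git config --global \
            url."ssh://gerrit.company.com:29418".insteadOf \
            "ssh://git@gerrit.company.com" || exit 1
        git ls-remote --get-url "$url"
    )
    status=$?
    rm -rf "$tmp_home"
    [ "$status" -eq 0 ] && printf '%s\n' "$result"
}

# The alias form is rewritten to the real Gerrit SSH endpoint.
resolve_with_alias "ssh://git@gerrit.company.com/my/project"
# A URL for another host (constructed sample) is left untouched.
resolve_with_alias "ssh://git@other.example.com/my/project"
```

`insteadOf` is a plain prefix match, so an alias URL that already carries a port would end up with `:29418` inserted in front of it; ending both the pattern and the replacement with `/` avoids that.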

Sven Selberg

Nov 7, 2023, 1:39:21 AM
to 刘壮, repo-d...@googlegroups.com
Don't forget the list when replying.


From: 刘壮 <boogi...@gmail.com>
Sent: Tuesday, 7 November 2023 07:15
To: Sven Selberg <Sven.S...@axis.com>
Subject: Private post regarding "how to clone gerrit repo by using the username "git" g...@mygerrit.com"

Thanks for the reply,
but I still hope that people using the "git" account have access control. Different people have different permissions, instead of a back door or mapping.
In the company I used to work for, they actually achieved access control with everyone using the "git" account.


The users aren't really "becoming" the git account; they are allowed to SSH into the server as git just to be mapped by the SSH key they used and then redirected to Gerrit as themselves, with permissions according to the ACLs set up in Gerrit.