User authentication in GIT

User authentication in GIT

[supadhyay]

Hi All,

I want to migrate my existing version control system (CVS) into GIT. The
first question which comes to me is in CVS we have user authentication like
username and their password while in GIT there is SSH authentication. 

Can any one suggest me what is the optimal way to manage the users in GIT?
Does all users having username,passowrd and SSH key? or thre is no users
credential but only SSH authentication? if I have 1000 users in old system
CVS then do I need to create a key for all 1000 users in GIT? or etc.


Thanks in advance...

--
View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7261349.html
Sent from the git mailing list archive at Nabble.com.

Re: User authentication in GIT

[Robin H. Johnson]

On Mon, Feb 06, 2012 at 10:12:09PM -0800,  supadhyay wrote:
> Hi All,
[snip]

1. Go and use gitolite.
2. All users must have their own SSH key. You do not create keys for them.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85

Re: User authentication in GIT

[Jakub Narebski]

supadhyay <supadhyay@imany.com> writes:

> I want to migrate my existing version control system (CVS) into GIT. The
> first question which comes to me is in CVS we have user authentication like
> username and their password while in GIT there is SSH authentication. 

Do you use _unencrypted_ pserver, or tunelling over SSH (with CVS_RSH)?
 
> Can any one suggest me what is the optimal way to manage the users in GIT?
> Does all users having username, passoword and SSH key? or there is no users
> credential but only SSH authentication? if I have 1000 users in old system
> CVS then do I need to create a key for all 1000 users in GIT? or etc.

First, Git supports unauthenticated anonymous fetching via custom
git:// protocol and via HTTP.  If you only need read-only access to
repository, it would be enough.  No account or SSH key necessary.

Second, Git uses SSH for authenthication instead of hand-rolling its
own security system, badly.  You don't need to create 1000 shell
accounts for SSH access: use tool like gitolite to manage git
repositories, which uses public-key infrastructure without need to
generate 1000 accounts.  You would still need for each user to
generate their own SSH key.

See gitolite documentation for more detail (older gitosis tool is no
longer maintained, as far as I know).

HTH
-- 
Jakub Narebski

Re: User authentication in GIT

[supadhyay]

Hi Robin and Jakub,

Thanks for your reply. But I am still not getting what exactly I need to
perform on GIT server. Please find my reply on your suggestion below:


Robin:
All users must have their own SSH key. You do not create keys for them. 
My rely: can you please give some more idea about how it works.. I am not
getting this or if you can provide any link for this to understand.


Jakub:
My reply: existing version control system used  pserver protocol.

You would still need for each user to generate their own SSH key.  
My reply: Do I need to store all end users sSH key in .ssh/authorized_keys
file on GIT server?


--
View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7262113.html
Sent from the git mailing list archive at Nabble.com.

Re: User authentication in GIT

[compufreak]

Inline respon

On Tue, Feb 7, 2012 at 12:47 PM, supadhyay <supadhyay@imany.com> wrote:
> Hi Robin and Jakub,
> ...
> Robin:
> All users must have their own SSH key. You do not create keys for them.
> My rely: can you please give some more idea about how it works.. I am not
> getting this or if you can provide any link for this to understand.

SSH authentication can use private/public keys. The user generates a
keypair on their computer and gives you their public key, the private
key stays on their computer.
>
> Jakub:
> My reply: existing version control system used  pserver protocol.
>
> You would still need for each user to generate their own SSH key.
> My reply: Do I need to store all end users sSH key in .ssh/authorized_keys
> file on GIT server?

If you were to do it manually, yes. But if you use gitolite [1], then
you add them to another git repository which handles everything for
you.

> --
> View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7262113.html
> Sent from the git mailing list archive at Nabble.com.
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[1]: https://github.com/sitaramc/gitolite

Re: User authentication in GIT

[Johan Herland]

On Tue, Feb 7, 2012 at 12:47, supadhyay <supadhyay@imany.com> wrote:
> Hi Robin and Jakub,
>
> Thanks for your reply. But I am still not getting what exactly I need to
> perform on GIT server. Please find my reply on your suggestion below:
>
>
> Robin:
> All users must have their own SSH key. You do not create keys for them.
> My rely: can you please give some more idea about how it works.. I am not
> getting this or if you can provide any link for this to understand.

- Each user generates their own ssh key pair on their own workstation
(in openssh, the command for generating a new key is called
'ssh-keygen')

- Each user then sends their public key to you (using email or
whatever communication form is easiest for you).

- You then load the keys into gitolite (by copying them into your
local clone of the gitolite-admin repo, committing, and pushing to the
gitolite-admin repo to the server).

More details here: http://sitaramc.github.com/gitolite/add.html (and
in associated documentation)

> Jakub:
> My reply: existing version control system used  pserver protocol.
>
> You would still need for each user to generate their own SSH key.
> My reply: Do I need to store all end users sSH key in .ssh/authorized_keys
> file on GIT server?

No. You load them into gitolite (as described above, and in gitolite's
documentation), and then gitolite takes care of managing them.


Have fun! :)

...Johan

-- 
Johan Herland, <johan@herland.net>
www.herland.net

Re: User authentication in GIT

[supadhyay]

Thank you Johan,freak.

you have clear my doubts at some extent and I think let me work on it.

I will work on giloite and get back to you.

Thanks...

--
View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7262934.html
Sent from the git mailing list archive at Nabble.com.

Re: User authentication in GIT

[Sitaram Chamarty]

On Tue, Feb 7, 2012 at 10:10 PM, supadhyay <supadhyay@imany.com> wrote:
> Thank you Johan,freak.
>
> you have clear my doubts at some extent and I think let me work on it.
>
> I will work on giloite and get back to you.

I've also been working on some nice pictures... maybe they will help,
who knows...

http://sitaramc.github.com/gitolite/pictures.html

Re: User authentication in GIT

[supadhyay]

Hi Sitaram,

Thanks for helping me by providing such a good link. Now, I am able to
understand how to manage the user in efficient way.

With that I have one question is-  in my GIT server we already migrated our
source code (pilot testing) from CVS to GIT. We used user "GITAdmin" for
migration and though its for pilot testing only we use the home directory
for source code repository is /home/GITAdmin/migration/VVD.git.

now the question is, I install gitolie using the same user "GITAdmin" and on
the same path i.e. /home/GITAdmin. And when add repository from my
workstation (git add conf/glitolite.conf) , this added repositories
directory on the GIT server path /home/GITAdmin/repositories/MRB.git

Now my confusion is my existing source code repository directory path during
migration /home/GITAdmin/migration/<repository.git> and now through gitolite
I want to manage both users and repositories  but through gitolite it add
repository in different path /home/GITAdmin/repositories/<repository.git>.


Can you please help how through gitolite I can add new repository on to the
same my exisitng migrated repository directory?




Thanks,
Suchi

--
View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7273350.html
Sent from the git mailing list archive at Nabble.com.

Re: User authentication in GIT

[Sitaram Chamarty]

On Fri, Feb 10, 2012 at 10:27 PM, supadhyay <supadhyay@imany.com> wrote:

> Now my confusion is my existing source code repository directory path during
> migration /home/GITAdmin/migration/<repository.git> and now through gitolite
> I want to manage both users and repositories  but through gitolite it add
> repository in different path /home/GITAdmin/repositories/<repository.git>.
>
>
> Can you please help how through gitolite I can add new repository on to the
> same my exisitng migrated repository directory?

gitolite keeps all its repos in whatever directory is pointed to by
$REPO_BASE in the rc file.  This is $HOME/repositories by default but
you can change it to whatever you want.  Instructions for changing it
are in the 4th bullet of
http://sitaramc.github.com/gitolite/rc.html#gitolite_rc_rarely_changed_variables_

If you are moving existing repos into gitolite, be sure to read
http://sitaramc.github.com/gitolite/moverepos.html -- if you do it
wrong you may end up without the crucial "update" hook and then all
access control will fail.

Re: User authentication in GIT

[supadhyay]

Thanks Sitaram for your reply and guidance.

>From your document I can see there are three different method to install
gitolite. May I know all methods advantage and disadvantage?

Thanks,
Suchi

--
View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7280277.html
Sent from the git mailing list archive at Nabble.com.

Re: User authentication in GIT

[Sitaram Chamarty]

On Mon, Feb 13, 2012 at 6:24 PM, supadhyay <supadhyay@imany.com> wrote:
> Thanks Sitaram for your reply and guidance.
>
> From your document I can see there are three different method to install
> gitolite. May I know all methods advantage and disadvantage?

see first para after the 4 bullets in
http://sitaramc.github.com/gitolite/install.html#install_installing_and_upgrading_gitolite_

Re: User authentication in GIT

[supadhyay]

Thanks for suggesting the link, but would like to know which method is the
most secure and optimal method to use.

For testing purpose we migrate our repositories from CVS2GIT but now having
issue wiht user managment. How to manage it ? We have users for different
repositories and having different access, somewhere I read about using
Gitolite I can mange users but not find the efficent and useful method to
use it.



Thanks .
..


--
View this message in context: http://git.661346.n2.nabble.com/User-authentication-in-GIT-tp7261349p7281349.html
Sent from the git mailing list archive at Nabble.com.