基于SSH的选择性访问Git存储库 [英] Selective access to Git repository based on SSH
问题描述
我有一个拥有6个Git存储库的服务器,我已经通过一个SSH帐户读取并写入访问权限,所有都在/ opt / git /中,全部由SSH帐户拥有。
我想给其他人读取和写入访问一些存储库,但不是所有。
- 如何创建一个只能访问少数选择存储库的新SSH用户?
- 我可以使用文件权限(当前为0755)来控制此类访问吗?
- 是否有最佳做法?
我们不太可能会有第三位开发人员在一段时间内,至少在我们没有得到正确的系统管理员之前,所以没关系,如果它现在足够好的话。
由 gitolite 管理授权层),这将允许您配置一个列表:- ssh用户密钥
- 存储库
然后将您想要的用户关联到正确的回购站。
所有用户仍然可以通过ssh使用帐户git访问这些回购站,但使用他们自己的公钥/私钥SSH密钥(在gitolite配置文件中注册),使用类似于以下命令生成:
ssh-keygen -t rsa -f$ {H} /。ssh / myLogin-C我的Gitolite访问(不是交互式) - q -P
每个用户都会设置一个 %HOME%/ .ssh / config file 以引用 myLogin / myLogin.pub 键。
I have a server with six Git repositories, to which I have read+write access through a single SSH account, all in /opt/git/, all owned by the SSH account.
I'd like to give somebody else read+write access the a few of the repositories, but not to all.
- How do I create a new SSH user that has access to only a few select repositories?
- Can I use filepermissions (currently 0755) to control this type of access?
- Are there any best practices?
It's unlikely we'll have a third developer for quite a while, atleast not before we get a proper sysadmin, so it's okay if it's "good enough for now".
That would be best managed by gitolite (an authorization layer), which would allow you to configure a list of:
- ssh user keys
- repositories
And associate the users you want to the right repos.
All users would still access those repos through ssh with the account git, but using their own public/private ssh keys (registered in gitolite config file), generated with a command similar to:
ssh-keygen -t rsa -f "${H}/.ssh/myLogin" -C "My Gitolite access (not interactive)" -q -P ""
Each user would set up a %HOME%/.ssh/config file in order to reference myLogin/myLogin.pub keys.
这篇关于基于SSH的选择性访问Git存储库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
