git.vger.kernel.org archive mirror
* Setting up Password protected repositories?
From: Jon Loeliger @ 2006-09-17  0:52 UTC
  To: git

So at the risk of asking a dead-stupid question for which
I should likely be soundly beaten for even asking...

How does one set up a git repository on a public site
but password/ssh-protect it so that only a few trusted
people can access and update it?

Clearly, we should be using ssh+git: here somehow, right?
git-daemon has to know where to serve out the files from,
but how do we get it to enforce a ssh-based access?  It's
easy to prevent http: from serving out the repository --
just place it outside of the webroot directory structure.

I can already enforce pushes to be password protected,
but the protection on pulls and clones eludes me.  I'd
also like to NOT grant login shell access on the repository
server machine, so I'm envisioning placing public keys from
trusted people somewhere too...

I feel like I am being blindly stupid here.

Any help for the weary?

Thanks,
jdl


* Re: Setting up Password protected repositories?
From: Junio C Hamano @ 2006-09-17  1:24 UTC
  To: Jon Loeliger; +Cc: git

Jon Loeliger <jdl@jdl.com> writes:

> git-daemon has to know where to serve out the files from,
> but how do we get it to enforce a ssh-based access?  It's
> easy to prevent http: from serving out the repository --
> just place it outside of the webroot directory structure.

It all depends on how you start git-daemon, but the last
parameters to git-daemon are path whitelist so presumably
placing the private repository outside of it should be enough.

Or am I missing something deeper?


* Re: Setting up Password protected repositories?
From: Jon Loeliger @ 2006-09-17  2:07 UTC
  To: Junio C Hamano; +Cc: git

So, like, the other day Junio C Hamano mumbled:
> 
> It all depends on how you start git-daemon, but the last
> parameters to git-daemon are path whitelist so presumably
> placing the private repository outside of it should be enough.
> 
> Or am I missing something deeper?

I want git-daemon to serve up the repository.
I just want to have it served to people who can
supply a password or have an ssh key in place.

jdl


* Re: Setting up Password protected repositories?
From: Junio C Hamano @ 2006-09-17  2:18 UTC
  To: Jon Loeliger; +Cc: git

Jon Loeliger <jdl@jdl.com> writes:

> So, like, the other day Junio C Hamano mumbled:
>> 
>> It all depends on how you start git-daemon, but the last
>> parameters to git-daemon are path whitelist so presumably
>> placing the private repository outside of it should be enough.
>> 
>> Or am I missing something deeper?
>
> I want git-daemon to serve up the repository.
> I just want to have it served to people who can
> supply a password or have an ssh key in place.

Sorry, git-daemon was written as anonymous download service from
the beginning and there is no provision for something like that
in place (as you probably have noticed when you hacked on it
recently ;-)).

Letting them ssh-in, and if you do not trust them giving them
git-shell as their login shell, might be an option.  I do not
think of anything else offhand that is already available.


* Re: Setting up Password protected repositories?
From: Shawn Pearce @ 2006-09-17  2:20 UTC
  To: Jon Loeliger; +Cc: Junio C Hamano, git

Jon Loeliger <jdl@jdl.com> wrote:
> So, like, the other day Junio C Hamano mumbled:
> > 
> > It all depends on how you start git-daemon, but the last
> > parameters to git-daemon are path whitelist so presumably
> > placing the private repository outside of it should be enough.
> > 
> > Or am I missing something deeper?
> 
> I want git-daemon to serve up the repository.
> I just want to have it served to people who can
> supply a password or have an ssh key in place.

Don't use git-daemon.

Instead create UNIX accounts for the people who need access and if
you don't want them to actually be able to login set their shell
to be `git-sh`.  This is a special shell-like thing that only lets
the user push or fetch to any repository they have access to.

The URL is a 'git+ssh' style URL and they will use SSH to connect.

Access is controlled by standard UNIX user/group read/write access
and ACLs if your OS/filesystem support them.  You can also control
pushing with an update hook.

-- 
Shawn.

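The recipe Junio and Shawn sketch above (UNIX accounts, git-shell as the login shell, ssh keys, group permissions on the repository) as one runnable provisioning script. This is an added example, not code from the thread, from git, or from either poster. The paths (/usr/bin/git-shell, /srv/git), the group name gitusers, and the user and key values in the usage line are hypothetical; the key check is this example's own, not something git or sshd provide.

```shell
#!/bin/sh
# Added example, not code from the thread or from git itself: provision an
# ssh-only git account whose login shell is git-shell, and a bare repository
# shared by one UNIX group.  Paths, group and user names are hypothetical.
GIT_SHELL=/usr/bin/git-shell   # adjust; on some systems it must also be in /etc/shells
REPO_ROOT=/srv/git
REPO_GROUP=gitusers
NL='
'

# Accept only a single "keytype base64 [comment]" record.  A key file with a
# second line, or with sshd options prepended, must never be appended verbatim:
# it would let the user grant themself a real command, a pty or forwarding.
valid_pubkey() {
    case "$1" in *"$NL"*) return 1 ;; esac          # more than one line
    key_type=${1%% *}
    [ "$key_type" != "$1" ] || return 1             # no key material after the type
    rest=${1#* }
    key_blob=${rest%% *}
    case "$key_type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;                              # "command=..." or junk in the type slot
    esac
    case "$key_blob" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;           # not base64
    esac
    return 0
}

# Build the authorized_keys entry.  git-shell already refuses anything that is
# not git-upload-pack / git-receive-pack / git-upload-archive; the sshd options
# additionally close off port, X11 and agent forwarding and tty allocation.
restricted_key_line() {
    printf 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' "$1"
}

# Create the account (run as root).  Home holds only .ssh/authorized_keys; the
# account's group is what grants repository access.
provision_git_user() {
    user=$1 key=$2
    valid_pubkey "$key" || { echo "refusing malformed key for $user" >&2; return 1; }
    getent group "$REPO_GROUP" >/dev/null || groupadd "$REPO_GROUP"
    useradd --create-home --shell "$GIT_SHELL" --gid "$REPO_GROUP" "$user"
    install -d -m 0700 -o "$user" -g "$REPO_GROUP" "/home/$user/.ssh"
    restricted_key_line "$key" >>"/home/$user/.ssh/authorized_keys"
    chown "$user:$REPO_GROUP" "/home/$user/.ssh/authorized_keys"
    chmod 0600 "/home/$user/.ssh/authorized_keys"
}

# A bare repository that every member of REPO_GROUP may push to.  --shared=group
# sets core.sharedRepository so objects and refs written by one member's push
# stay group-writable for the next.  Read-only users need a second group and a
# filesystem ACL (setfacl) on the tree, since plain mode bits give only one group.
init_shared_repo() {
    repo=$REPO_ROOT/$1.git
    git init --bare --shared=group "$repo"
    chgrp -R "$REPO_GROUP" "$repo"
}

# Usage, as root:  sh provision.sh alice "$(cat alice.pub)" project
# alice then clones with:  git clone alice@host:/srv/git/project.git
if [ $# -eq 3 ]; then
    provision_git_user "$1" "$2"
    init_shared_repo "$3"
fi
```

Nothing here touches git-daemon: the ssh daemon authenticates the key, git-shell limits what the session may run, and the group bits on /srv/git decide who can fetch and who can push. Pushes can be narrowed further with an update hook, as Shawn notes.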

* Re: Setting up Password protected repositories?
From: Jon Loeliger @ 2006-09-17 16:22 UTC
  To: Shawn Pearce; +Cc: Junio C Hamano, git

So, like, the other day Shawn Pearce mumbled:
> > > 
> > > Or am I missing something deeper?

Hmmm... Maybe _I_ am!...

> > I want git-daemon to serve up the repository.
> > I just want to have it served to people who can
> > supply a password or have an ssh key in place.
> 
> Don't use git-daemon.

Say that again?  It sounded like you said "Don't use git-daemon."

> Instead create UNIX accounts for the people who need access and if
> you don't want them to actually be able to login set their shell
> to be `git-sh`.  This is a special shell-like thing that only lets
> the user push or fetch to any repository they have access to.

Yeah, I think I'm getting it now.  Don't use git-daemon, and
instead set up UNIX accounts with git-sh as their shell.  That
will let them push and fetch from a repository they can access.

> The URL is a 'git+ssh' style URL and they will use SSH to connect.

Ahhh...  Straight ssh to git-sh, no git daemon or HTTP in the mix.

> Access is controlled by standard UNIX user/group read/write access
> and ACLs if your OS/filesystem support them.  You can also control
> pushing with an update hook.

OK.  I seem to recall a recipe down this line somewhere...  Is there
a current "Best Practices" write up somewhere with these details
outlined in it?

So slowly we are clued...

Thanks,
jdl


* Re: Setting up Password protected repositories?
From: J. Bruce Fields @ 2006-09-17 16:43 UTC
  To: Jon Loeliger; +Cc: Shawn Pearce, Junio C Hamano, git

On Sun, Sep 17, 2006 at 11:22:03AM -0500, Jon Loeliger wrote:
> So, like, the other day Shawn Pearce mumbled:
> > Access is controlled by standard UNIX user/group read/write access
> > and ACLs if your OS/filesystem support them.  You can also control
> > pushing with an update hook.
> 
> OK.  I seem to recall a recipe down this line somewhere...  Is there
> a current "Best Practices" write up somewhere with these details
> outlined in it?

There's a few sentences in Documentation/cvs-migration.txt, and a little
more in Documentation/howto/update-hook-example.txt

--b.

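Shawn's remark that pushing can be controlled with an update hook, and Bruce's pointer to Documentation/howto/update-hook-example.txt, illustrated with an added example. This is not the hook from that howto and not code from the thread; it is written for the git-shell setup discussed above, where the pushing user is simply the UNIX account sshd authenticated. The ACL file location ($GIT_DIR/acl), its line format, and the users and groups in the sample are all hypothetical.

```shell
#!/bin/sh
# Added example, not the hook from Documentation/howto/update-hook-example.txt:
# an update hook that lets the pushing UNIX account (the git-shell user) update
# a ref only when a per-repository ACL allows it.  The ACL file location
# ($GIT_DIR/acl) and its format are hypothetical:
#     <user | @group | *>   <allow | deny>   <ref glob>
# First matching rule wins; a ref that matches no rule is denied.
ZERO=0000000000000000000000000000000000000000

# Pure decision function so the policy can be tested without a repository.
# $1 pushing user, $2 the user's groups (space separated), $3 refname, $4 ACL text.
# Prints "allow" or "deny".
ref_verdict() {
    user=$1 groups=$2 ref=$3 acl=$4
    result=$(printf '%s\n' "$acl" | while read -r who verdict pattern; do
        case "$who" in ''|'#'*) continue ;; esac    # blank line or comment
        matched=0
        if [ "$who" = "$user" ] || [ "$who" = '*' ]; then
            matched=1
        else
            for g in $groups; do
                if [ "$who" = "@$g" ]; then matched=1; fi
            done
        fi
        if [ "$matched" -eq 1 ]; then
            case "$ref" in
                $pattern) printf '%s' "$verdict"; exit 0 ;;   # first match decides
            esac
        fi
    done)
    case "$result" in
        allow) echo allow ;;
        *) echo deny ;;       # explicit deny, malformed verdict, or no rule matched
    esac
}

# Constructed sample ACL: admins may touch anything, bob may push any branch
# except master, everyone else only topic branches.
ACL_EXAMPLE='# who       verdict  ref pattern
@admins     allow    refs/*
bob         deny     refs/heads/master
bob         allow    refs/heads/*
*           allow    refs/heads/topics/*
'

# Hook entry point: git runs hooks/update <refname> <oldrev> <newrev> once per
# ref being pushed and refuses the update when this exits non-zero.
if [ $# -eq 3 ]; then
    refname=$1 oldrev=$2 newrev=$3
    pusher=$(id -un)
    aclfile=${GIT_DIR:-.}/acl
    if [ ! -r "$aclfile" ]; then
        echo "update hook: no ACL at $aclfile, refusing $refname" >&2
        exit 1
    fi
    if [ "$(ref_verdict "$pusher" "$(id -Gn)" "$refname" "$(cat "$aclfile")")" != allow ]; then
        echo "update hook: $pusher may not update $refname" >&2
        exit 1
    fi
    if [ "$newrev" = "$ZERO" ]; then
        echo "update hook: deleting $refname is not allowed" >&2
        exit 1
    fi
fi
```

Install it as hooks/update in the bare repository, executable and owned by the repository owner rather than by the pushing group, otherwise any pusher could edit the policy that constrains them. The hook only sees pushes; read access is still decided purely by the filesystem permissions on the repository.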
