git仓库服务器SSH认证示例
git在用户管理及管理上,下面上三种解决办法:
如果需要团队里的每个人都对仓库有写权限,又不能给每个人在服务器上建立账户,那么提供SSH 连接就是唯一的选择了。我们假设用来共享仓库的服务器已经安装了SSH 服务,而且你通过它访问服务器。
如何搭建git服务器有好几个办法可以让团队的每个人都有访问权。
第一个办法是给每个人建立一个账户,直截了当但过于繁琐。反复的运行adduser 并且给所有人设定临时密码可不是好玩的。
第二个办法是在主机上建立一个git 账户,让每个需要写权限的人发送一个SSH 公钥,然后将其加入git 账户的~/.ssh /authorized_keys 文件。这样一来,所有人都将通过git 账户访问主机。这丝毫不会影响提交的数据——访问主机用的身份不会影响commit的记录。
另一个办法是让SSH 服务器通过某个LDAP 服务,或者其他已经设定好的集中授权机制,来进行授权。只要每个人都能获得主机的shell 访问权,任何可用的SSH 授权机制都能达到相同效# 如果需要团队里的每个人都对仓库有写权限,又不能给每个人在服务器上建立账户,那么提供SSH 连接就是唯一的选择了。我们假设用来共享仓库的服务器已经安装了SSH 服务,而且你通过它访问服务器。
git 共享仓库服务器:Aries.lansgg 192.168.100.128
git 客户测试机:node1.lansgg 192.168.100.129
方法一示例、
git 仓库服务器,新建仓库,测试机获取git仓库,修改,远程上传。ssh 方式
[root@Aries ~]# useradd -d /opt/gitServer gitServer[root@Aries ~]# echo “git”|passwd --stdin gitServer更改用户gitServer 的密码。passwd:所有的身份验证令牌已经成功更新。[root@Aries ~]# yum install git -y[root@Aries ~]# su - gitServer[gitServer@Aries ~]$ ls[gitServer@Aries ~]$ mkdir TestProject.git[gitServer@Aries ~]$ cd TestProject.git/[******************************]$git--bare initInitialized empty Git repository in /opt/gitServer/TestProject.git/[gitServer@Aries TestProject.git]$ lsbranches config description HEAD hooks info objects refs客户测试机
[root@node1 ~]# useradd -d /opt/gitServer gitServer[root@node1 ~]# echo “gitServer” |passwd --stdin gitServer更改用户gitServer 的密码。passwd:所有的身份验证令牌已经成功更新。[root@node1 ~]# su - gitServer[root@node1 ~]# git clone *****************.100.128:/opt/gitServer/TestProject.gitInitialized empty Git repository in /root/TestProject/.git/The authenticity of host …192.168.100.128 (192.168.100.
128)‟ can‟t be established.RSA key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a.Are you s ure you want to continue connecting (yes/no)? yesWarning: Permanently added …192.168.100.128‟ (RSA)***************************************.100.128‟spassword:warning:Y ou appear to
have cloned an empty repository.[root@node1 ~]# lsanaconda-ks.cfg install.log install.log.syslog TestProject[root@node1 ~]# cd TestProject/[root@node1 TestProject]# echo “test file” > test.file[root@node1 TestProject]# git add test.file [root@node1 TestProject]# git config --global user.name “gitServer”[root@node1 Te stProject]# git config --ail **************[root@node1TestProject]#gitcommit-m “test commit” test.file[master 96bf273] test commit 1 files changed, 1 insertions(+), 1 deletions(-)[gitServer@node1 TestProject]$ git remote add test_remote_origin ssh://192.168.100.128/opt/gitServer/TestProject.git[gitServer@node1 TestProject]$ git push test_remote_origin ***********************.100.128‟s password: Counting objects: 5, done.Writing objects: 100% (3/3), 252 bytes, done.Total 3 (delta 0), reused 0 (delta 0)To ssh://192.168.100.128/opt/gitServer/TestProject.git 7e2e4a4..96bf273 master -> mastergit 仓库服务端
[gitServer@Aries TestProject.git]$ git logcommit 96bf2738c6602283ea91778b999f7adf66c0082cAuthor: gitServer <********************>Date:Tue Sep 2
2 17:05:12 2015 +0800 test commit我们可以随便个目录clone下,看看是否存在刚刚提交的test.file
[root@Aries ~]# mkdir /opt/tt[root@Aries ~]# cd /opt/tt[root@Aries tt]# git clone *****************.100.128:/opt/gitServer/TestProject.gitInitialized empty Git repository in /opt/tt/TestProject/.git/The authenticity of host …192.168.100.128 (192.168.100.128)‟ can‟t be established.RSA key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a.Are you sure you want to continue connecting (yes/no)? yesWarning: Per manently added …192.168.100.128‟ (RSA) to the list of known ***********************.100.128‟s password: remote: Counting objects: 6, : Compressing objects: 100% (2/2), done.Receiving objects: 100% (6/6), 435 bytes, : Total    6 (delta 0), reused 0 (delta 0)[root@Aries tt]# lsTestProject[root@Aries tt]# cd TestProject/[root@Aries TestProject]# lstest.file[root@Aries TestProject]# cat test.file test file abc[root@Aries TestProject]#方法二示例、
在测试机创建两个账户user1 user2,分别将秘钥上传至git 仓库侧,
[root@node1 ~]# useradd -d /opt/user1 user1[root@node1 ~]# echo “user1” |passwd --stdin user1更改用户user1 的密码。passwd:所有的身份验证令牌已经成功更新。[root@node1 ~]# useradd -d /opt/user2 user2[root@node1 ~]# echo “user2” |passwd --stdin user2更改用户user2 的密码。passwd:
所有的身份验证令牌已经成功更新。[root@node1 ~]#[root@node1 ~]# su - user1[user1@node1 ~]$ ssh-keygen -t rsa[root@node1 ~]# su - user2[user1@node1 ~]$ ssh-keygen -t rsa分别将user1、user2 用户的公钥新增git仓库服务器侧的
[user2@node1 .ssh]$ pwd/opt/user2/.ssh[user2@node1 .ssh]$ ll总用量8-rw-------. 1 user2 user2 1671 9月22 17:18 id_rsa-rw-r--r--. 1 user2 user2 404 9月22 17:18 id_rsa.pub[user2@node1 .ssh]$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp0Im8iL7UR2b0PWrJ98YY/nqvjnuYWNc2F52SYn1 /WA8rwGBWW0WBmKMoyW8YfSpCVk7QbyhX48Y3KF/Gf16CWRMm8xuyA+S5Seq3ZGn LbbVhb0OMO8VDAldovnIuPdI6005+ux/WbG1FKr3WxGs5k92ZO9hbXxpc V A wpvHY47t1v2L H5fW2jThypWMolUdp9TaNy7FkD2zaUNhbdqM1w67OSydiHAMfj183sEso9TykiXJvwlJeLdU MFywPTwfVqu2rxV0lY68B2mwr1pl5mcGPA4/0ruX8vSFsFLev8+yi7LjccChAu/suPIFGLqRXr kW8ymsN/l3CkldnS9Y0BQ==******************[***************]$git仓库服务侧[gitServer@Aries ~]$ mkdir .ssh && chmod 700 .ssh[gitServer@Aries ~]$ touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys[gitServer@Aries
~]$ cat .ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1pII1U64N/wl1OXotWdcU8d8+ad0q6tkqdBgXLcR5 zqXIq9PP
e1NeLJ5HS9UIvZeN/LEyXGYh+fyg8tFQ+2PN3CmxnVwwcciyl1AKAgTeKUdleh8q cXPZkI0YZBpgTbuYWYHNjA6Qd9cvJSdKe9cVvwsv7N1z17Mx1uIfNSuSZ9e4XqUsJksBAzA YEGar4S13+Y/il7lquwkrdVBiWfWHmf/WoeY2RnzNBe9YtPVFUPL8HEoYyY a U+YXXMZK OZ8JwuLu1CPDJHTquSTyqdEwmgJWDdoiipgtyVOEVGZC0CqV16M2Y pVqw26rrZ+nXUQY EnTrWyIiqt8/xvzmeDIf0Q== ******************ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp0Im8iL7UR2b0PWrJ98YY/nqvjnuYWNc2F52SYn1 /WA8rwGBWW0WBmKMoyW8YfSpCVk7QbyhX48Y3KF/Gf16CWRMm8xuyA+S5Seq3ZGn LbbVhb0OMO8VDAldovnIuPdI6005+ux/WbG1FKr3WxGs5k92ZO9hbXxpc V A wpvHY47t1v2L H5fW2jThypWMolUdp9TaNy7FkD2zaUNhbdqM1w67OSydiHAMfj183sEso9TykiXJvwlJeLdU MFywPTwfVqu2rxV0lY68B2mwr1pl5mcGPA4/0ruX8vSFsFLev8+yi7LjccChAu/suPIFGLqRXr kW8ymsN/l3CkldnS9Y0BQ== ******************[gitServer@Aries~]$客户测试机无需用户名、密码
[user1@node1~]$*************************.100.128:/opt/gitServer/TestProject.gitInitialized empty Git repository in /opt/user1/TestProject/.git/The authenticity of host …192.168.100.128 (192.168.100.128)‟ can‟t be established.RSA key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added …192.168.100.128‟ (RSA) to the list of : Counting objects: 9, : Compressing objects: 100
% (3/3), : Total 9 (delta 0), reused 0 (delta 0)Receiving objects: 100% (9/9), done.[user1@node1 ~]$
如果提交过程:提示如下错误
Counting objects: 3, done.Writing objects: 100% (3/3), 247 bytes | 0 bytes/s, done.Total 3 (delta 0), reused 0 (delta 0)remote: error: refusing to update checked out branch: refs/heads/masterremote: error: By default, updating the current branch in    a non-bare repositoryremote: error: is denied, because it will make the index and work tree inconsistentremote: error: with what you pushed, and will require …git reset --hard‟ to matchremote: error: the work tree : error:remote: error: Y ou can set …receive.denyCurrentBranch‟ configuration variable toremote: error: …ignore‟ or …warn‟ in the remote repository to allow pushing intoremote: error: its current branch; however, this is not recommended unless youremote: error: arranged to update its work tree to match what you pushed in someremote: error: : error:remote: error: To squelch this message and still keep the default behaviour, setremote: error: …receive.denyCurrentBranch‟ configuration variable to …refuse‟.试着将如下配置新增到
[*********************]$cat.git/config[receive]denyCurrentBranch = ignore再次提交有兴趣朋友可以了解更多java教程java.itcast/java/video.shtml

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。