Git on Windows - How to authenticate with remote repo on Linux - windows

Due to some serious problems with a Git repo on Windows over HTTP, we're moving our Git 'server' to Linux.
Assuming I have already the msysgit for Windows installed and Putty, how will I authenticate the SSH connection when I clone, pull and push?

In case of SSH:
on the server, you'll need to allow authentication with public and private keys, you can google how to do it, for example http://shapeshed.com/setting_up_git_for_multiple_developers/
on the client, just put your private key into .ssh folder in your windows home, for example C:\Users\Name\.ssh, much like on unixes.
You can still use HTTP, it will either (1) always ask for username and password or (2) you can also put username and password into the URL: https://username:password@git.mydomain.com/...

This page has everything covered about using PuTTY for Git public key authentication.
In short:
Generate keypair with puttygen
Put the public key in server
In your local computer, set GIT_SSH environment variable to point to plink.exe
Run putty pageant and load your private key there

I recommend working through this tutorial.
The caveat is that it talks about github, so the story of telling the server about your SSH key is different.
What's also different is how you intend to manage your developers.
The "problem" is that SSH operates with real remote (server-side, I mean) users, which have to have regular Unix system accounts.
This is okay if you have just a handful of developers. You then just need to add all of them to a special group (say, devel) and make sure you initialize your server-side bare repos using git init --bare --shared=group and make them group-writable and belonging to that group devel (this might also be helped out by creating all the repos under a directory which has its "group sticky bit" set and belongs to that group devel).
To distribute the public part of a developer's key to the server in such a setup you have to literally copy and paste that key part (from the developer's id_rsa.pub file, it's ASCII) to the file /home/developer/.ssh/authorized_keys. If that file does not exist, create it.
If the key was generated on a machine with OpenSSH client installed, you can transfer the key using the ssh-copy-id program, in one step.
This might become messy, so you might consider implementing a solution which virtualizes Git users (like github does). There are plenty to choose from:
gitolite — supposedly the most popular solution. No frills, is administered using a specialized admin Git repo holding the developers' public keys and a configuration file describing the repos and permissions on them. Plain Perl, installable as a package on most sensible distros.
gitlab — a turn-key all-in-one solution. Written in Ruby, so you might face maintenance nightmares.
gitblit — another all-in-one solution, written in pure Java (note that it does not call out to vanilla Git and uses a pure Java Git layer — JGit).
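The small-team setup described in this answer (public key into authorized_keys, bare repos shared through a group), as an added shell example that is not part of the original answer. The paths, the group argument and the sample key are assumptions; the "group sticky bit" the answer mentions is applied here as the setgid bit on the parent directory.

```shell
#!/bin/sh
# Added example, not from the answer. Paths, the group name and the sample
# key are assumptions; run the repo step as a user who belongs to the group.

# add_authorized_key HOME_DIR PUBKEY_FILE
# Appends a developer's public key to HOME_DIR/.ssh/authorized_keys once.
add_authorized_key() {
    home=$1 pub=$2
    key=$(head -n 1 "$pub")
    # Public keys look like "<type> AAAA<base64> [comment]"; this also stops
    # a private key file from being installed on the server by mistake.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 2 ;;
    esac
    # sshd with StrictModes (the default) refuses keys kept in files or
    # directories that other users can write to.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys"
    # -x whole line, -F fixed string: never add the same key twice.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# make_shared_repo PARENT_DIR GROUP NAME
# Creates a group-writable bare repo under a setgid parent directory.
make_shared_repo() {
    mkdir -p "$1" && chgrp "$2" "$1"
    chmod 2775 "$1"     # setgid on the directory: new entries inherit GROUP
    git init --bare --shared=group "$1/$3"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    # Constructed sample key, not a real one.
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOnly dev@example' > "$tmp/id.pub"
    add_authorized_key "$tmp/home/developer" "$tmp/id.pub"
    make_shared_repo "$tmp/repos" "$(id -gn)" project.git
    ls -ld "$tmp/home/developer/.ssh" "$tmp/repos" "$tmp/repos/project.git"
fi
```

On a real server, run add_authorized_key as the account that owns the home directory (or chown the result), since sshd also checks ownership.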

Related

Xcode 9 Authentication fails pushing to Git Server

I have set up a private remote git server (not GitHub).
I can perform all operations fine from the command line without problem. This server also works fine with IntelliJ.
From within Xcode I can PULL changes. But mysteriously I cannot push changes even though both require authentication. I am using SSH.
I've seen lots of posts about windows authentication, IIS, and other special cases. But I have not seen anything about being able to pull but not push. And I have no idea where Xcode might write any logging. At the user level it just says Authentication failed. I am using SSH (no certs).
Any advice on where to even start looking would be greatly appreciated.
Posting for posterity, but: check your ssh keys if you are using key-based auth. I was having a devil of a time trying to get Xcode to do any git ops, until I changed the ssh setup to use an RSA key. ECDSA doesn't work. Not sure about any other keys, but apple docs on setting up continuous integration with xcode always talk about RSA keys, which was my clue.
Well it seems this has been broken since Xcode 7, two years ago.
THE solution (all caps because this is the ONLY thing that works) is to put the password in the git server URL. So you can have function or security - but not both. Apparently the Xcode parsing of the git config is VERY VERY defective.
git config --edit
Use THIS exact syntax for the git server URL (assuming ssh without certificate)
url = ssh://username:passwd@server/path/to/project.git
Ugly but works.

Retrieving SSH keys

On my Windows 8.1 dev machine I have replaced my broken HDD with a new one and installed Git. I now want to continue to commit changes to a project (which I've copied, with git folder, to my new HDD from a backup) using the same credentials I used before. But my SSH keys are now irretrievably lost on the old HDD. Is there a way to continue to contribute to the project as "me"?
If you are using SSH to authenticate against a remote repository, then you don't necessarily need your old key. You can generate a new key pair and add the public key to your remote repository. How that works in detail depends on what service you are using.
Your "git identity" is tied to your name and email address used in commits, not to your method of authentication.

Setup Git without SSH

We already had a secured VPN using OpenVPN, so we don't want to use Git with SSH to avoid double encryption.
I successfully set up Bonobo Git Server on IIS 7 on Windows 2008 RC2 and created a repository. But when I tried to clone that repository from my laptop using Git GUI, it kept asking me for a username and password repeatedly, although I gave it the correct username and password created on Bonobo Server.
When I intentionally gave it incorrect credentials, it threw an expected authentication error.
Do you have any advice for me so I can connect to Git Server? Is it due to the lack of SSH keys?
As far as I can see, Bonobo offers three different authentication mechanisms: Forms, Basic, and Windows authentication. None of these involve SSH, so no, you are not using SSH and you don’t need SSH keys to make this work. SSH is just one mechanism that is commonly used for Git servers (simply because they run on Linux machines, and SSH access is very common there).
Bonobo uses the forms authentication by default. I believe you cannot preset the login information anywhere so you don’t have to enter it over and over again. You can do that with basic authentication though by changing the remote URL to include the credentials (e.g. http://user:password@bonobo-server/project.git). Of course, this will put the credentials in clear text into the repository’s configuration file, and also send the password in clear text over the network. The VPN connection will prevent someone outside of the VPN connection reading out that password, but inside of the VPN connection it is sent as clear text, so keep that in mind.
The more secure way would be Windows authentication. It uses your Windows login to authenticate at the server, and you won’t need to store your password somewhere. To Windows, it’s the “natural” authentication system, just like SSH is to Linux.
I was successful with poke's suggestion in his comment, which is utilizing a shared folder pointing to a remote bare repository.
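Several answers above put the password into the remote URL, which leaves it in clear text in the repository's configuration file. An audit for that, as an added shell example that is not part of the original posts; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): find Git config files whose
# remote URLs embed a password, as in scheme://user:password@host/...

# audit_git_urls DIR
# Prints "<config path>: <url with the password masked>" for each url/pushurl
# found below DIR; returns 1 if anything was found, 0 otherwise.
audit_git_urls() {
    hits=$(
        find "$1" -type f -name config 2>/dev/null |
        while IFS= read -r cfg; do
            # Keep only url lines whose authority part is user:secret@ and
            # mask the secret. host:port without userinfo does not match.
            sed -n -E \
              's#^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*([A-Za-z][A-Za-z0-9+.-]*://[^/:@[:space:]]+):[^/@[:space:]]+@#\2:***@#p' \
              "$cfg" |
            while IFS= read -r line; do printf '%s: %s\n' "$cfg" "$line"; done
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample: two throwaway config files, one clean and one not.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/.git" "$d/leaky/.git"
    printf '[remote "origin"]\n\turl = ssh://git@server:22/path/to/project.git\n' \
        > "$d/clean/.git/config"
    printf '[remote "origin"]\n\turl = http://user:password@bonobo-server/project.git\n' \
        > "$d/leaky/.git/config"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    s=$(make_sample)
    audit_git_urls "$s"
    rm -rf "$s"
fi
```

Any URL this reports should be rewritten without the password and the password itself changed, since it has already been stored in clear text.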

HowTo: Teamcity + GitHub

Has anybody successfully configured Teamcity to monitor, extract, and build from GitHub?
I can't seem to figure out where and how to configure the SSH keys for Teamcity. I have Teamcity running as a system service, under a system account. So where does Teamcity stash its SSH configuration?
EDIT
To get this to work, I needed to stop the agent from running under a system account.
Ok... I got this to start working on my Windows server. Here are the steps I took to configure TeamCity 4.5 Professional:
Downloaded the JetBrains Git VCS Plugin
Copied the downloaded zip file to .BuildServer\plugins
In the Administration > Edit Build Configuration > Edit VCS Root configuration screen, I selected "Git (JetBrains)"
Entered my Clone Url from the GitHub project page
Set for authentication method "Default Private Key" -- this is IMPORTANT
The TeamCity BuildAgent should be running as a standard user, with the SSH installation configured properly for that user.
Follow the GitHub SSH directions for SSH configuration
Leave the username blank. This should already be provided for in your GitHub clone URL
I got "Default Private Key" to work with agents running as the SYSTEM user on Windows. For me, the answer was having the identity file at
C:\Windows\SysWOW64\config\systemprofile\.ssh\id_rsa
instead of at
C:\Windows\System32\config\systemprofile\.ssh\id_rsa
Your question is specific to SSH, but it is certainly easier and quicker to use HTTP over TLS, as GitHub and TeamCity both now support HTTP authentication. Furthermore, GitHub also supports personal api tokens with limited permissions, that you may configure to your liking, or create a new user if you prefer.
See image below of our TeamCity settings.
Since TeamCity 8.1, there is official support for SSH key management, please read these docs: https://confluence.jetbrains.com/display/TCD9/SSH+Keys+Management
for private key, username must be blank.
(This is an up-to-date answer to an old question)
I got ssh based builds working with github/gitlab and teamcity 7 like this:
Log onto the teamcity machine and use puttygen/ssh-keygen to generate a rsa key pair and save the openssh key somewhere sensible.
(Gotcha - Using puttygen? Make sure the private key is in openssh format - puttygen > conversions > export openssh key)
I suggest you save the private key in
C:\.ssh\id_rsa
Now setup "default private key" in teamcity - create a file
C:\.ssh\config
And in it place this:
Host *
    IdentityFile c:\.ssh\id_rsa
Log in to your gitlab/github account and paste in the openssh public key for your teamcity private key.
You should now be able to create a git vcs root in teamcity that can use the default private key to pull your source.
You may need a third party plugin like this
I don't know why, but choosing Default Private Key failed for me.
Then I chose Custom Private Key, as in the screenshot below:
The Username field has to be empty.
The Passphrase field is the password of your private key
(Assume you have added the public key of this private key in git already.)
Hope no one got stuck like me !

Tortoise SVN Author in Log File Missing

For some reason, no matter how I go about it, I cannot get TortoiseSVN to add an Author to Log Messages.
Currently we connect to a PC running svnserve, so it's not a file:// Address.
We have tried using svn://Username@svnAddress, svn://svnAddress
Even setting svn:keywords $Author: AuthorName$
I was under the impression that TortoiseSVN would use the windows login name, prior to upgrading from a file based repo, these did show.
Note: We are also connecting to a domain, if this would affect anything.
also, no hook scripts are in play and the svnserve.conf is default.
SVN Server is using SVN Version 1.5.1 (x86), Windows Server 2003.
Clients are using latest version of Tortoise, both x86 and x64.
Any help would be much appreciated.
Ohh and the SVN is used for source code, so it is programming related :) (well semi related anyway)
The svn: protocol, by default, does not do any authentication, and consequently, no identification of the remote user. As TortoiseSVN does not need to authenticate, no user gets logged.
The SVN keywords don't have to do much with this: If you put $Author$ in a file, it will expand to the author of the commit, rather than setting the user. In the keyword syntax, there is no support for colons.
So if you want to authenticate with svnserve, you should first set anon-access to none or read, to force an authentication prompt. You then need to setup a password database; svnserve has only support for CRAM-MD5 builtin. I recommend you try to get this working first, handing out new passwords to all users. Alternatively, you can try to setup SASL, which would then allow for NTLM authentication - provided you can get SASL to work on your system.
Yet alternatively, you can switch to a different protocol. If, by "PC", you mean "Windows", then I guess the ssh-based protocol is ruled out. That leaves http(s); it should be possible to set up Apache on Windows with NTLM authentication, so that the NTLM user appears as the svn author.
