TurnKey Linux Virtual Appliance Library

How to setup user access for trac/git repository using SSH keys

David Killingsworth's picture

This is not so much a Trac appliance specific question, but I have not found any other place where it describes how to set this up.

I have a trac appliance setup (Ubuntu 10.04 version). 

I have initialized a couple of git repository projects.

example:

$ trac-initproject git davidsproject

I have the Trac portion of the projects setup properly and working fine.

The documentation at this URL http://www.turnkeylinux.org/docs/trac/usage
states that I if public access is enabled that I could initialize with:

git-push ssh://root@appliance_ip/srv/repos/git/public/davidsproject.git master

and our team's developers could clone the remote repository using:

git-clone ssh://root@appliance_ip/srv/repos/git/davidsproject

 

Here are my questions:

A) I don't want this to be a publicly accessible project.  This will be closed source, so we want to make sure that our team is the only users to be able to access the code/git repository.

B) We have 4 developers, can I just setup 4 Ubuntu users and passwords with SSH access

C) If answer to B is yes, do I have to create a group, add the users to the group, and give the group access to the /srv/repos/git/davidsproject folder??

D) if anser to C is yes, will that affect how trac is able to access the repository?

E) What about SSH keys.  Is there a better approach with using SSH keys instead of plain users and passwords for SSH access?

F) If I use SSH keys, what is the step by step process for doing so?

G) Is it possible to setup both SSH keys and Ubuntu users, so that there is accountability (each ubuntu user has an explicit SSH key)?  I have seen some documentation/instructions that recommend setting up a "git" user and allowing that user to publish the master git repository code, and then let all other team members clone that initial codebase.  The "git" user is setup for access  to the git repository, and each individual user is setup with an explicit SSH key which allows one Ubuntu user, and multiple SSH keys from real users for access.  Is this ideal, and what are the step by step processes.

H) Am I making this too complicated?

 

Please advise.

Kind Regards,
David

David Killingsworth's picture

What about gitosis

Additionally, I have seen some mention of using gitosis to manage granular access to git repositories.

I would prefer not to install yet another tool for managing this.  I would rather use what is in the appliance to begin with.

and the reason, I'm asking this on the TKL discussion forums, is that I want the Trac portion of the workflow to continue to work.  I'm afraid that if I install gitosis, that there may be some complication with accessiblity since we already have Trac and gitplugin for git working.

Thanks.


Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)