I have an
www-data running with
php which is controlling a git server.
www-data user creates Unix users (having given it
sudo adduser), and those users are supposed to control their own private git directory, where each user can house his/her repositories.
Apache adds a unix user
bar, with a home in
/var/www/git/bar and the user has no password (
bar is part of group
+rwx to the group members, and has his shell set to
This is done so that
www-data can access his home directory and populate it with repositories and ssh keys.
The skeleton home directory is also populated with
git-shell-commands and the user
/var/www/git/bar/.ssh/authorized_keys where it appends my test user's
www-data adds a new user and then a new repository it does:
    sudo adduser --disabled-password \
      --home /var/www/git/bar \
      --conf /var/www/conf/adduser.conf \
      --ingroup gitusers \
      bar
The above ^^ is done via php.
authorized_keys are owned by
www-data proceeds to create a new directory and initialize it:
git --bare init
My test user
foo can read it from ssh (it just clones an empty repository).
Once I try to push an initial commit:
    git clone ssh://foo@localhost:/var/www/git/bar/test.git
    cd test
    touch readme
    vim readme
    git add .
    git commit -m "init"
    git push origin master
    firstname.lastname@example.org's password:
    Counting objects: 6, done.
    Compressing objects: 100% (2/2), done.
    Writing objects: 100% (6/6), 411 bytes | 0 bytes/s, done.
    Total 6 (delta 0), reused 0 (delta 0)
    remote: error: insufficient permission for adding an object to repository database ./objects
    remote: fatal: failed to write object
    error: unpack failed: unpack-objects abnormal exit
    To ssh://foo@localhost:/var/www/git/bar/random.git
     ! [remote rejected] master -> master (unpacker error)
    error: failed to push some refs to 'ssh://foo@localhost:/var/www/git/bar/random.git'
I am asked for
foo user's password (which is the user with the public key).
This is NOT the Unix user who owns the home directory, that is user
bar who has a disabled password.
- Why am I being asked for an ssh password? Shouldn't the ssh key take care of that?
- If I create a
bar with a password, then I can use that git repository, replacing
- When I don't use
ssh:// at all, I am still able to
clone but get the same error when pushing as
foo but not as
bar provided I enable the password.
What am I doing wrong?
Is it because the permissions of
authorized_keys are too open or not owned by
Even when I go (as sudo) into the
bar homedir and make everything owned by him, I still get the same error.
Finally, I have set my
.ssh/config for test user
foo so that:
    Host localhost
        Hostname 127.0.0.1
        IdentityFile ~/.ssh/foo
        User foo