Gitolite SSH Setup

Last modified by Lisa Lammens on 2017/09/12 19:34

Create SSH key on Linux

SSH keys offer a highly secure way of logging into a server and are best practice for authentication, allowing more security than a simple password.  SSH keys are tied to your identity (your email used on CAF) so you will need to ensure you have created or submitted SSH keys that match your identity. 

  • To create a key pair, run ssh-keygen with the -t option. The -t option specifies which crypto system you want the key to use. The valid options are "rsa" and "dsa". In this example, we have elected to use RSA authentication with keys that are 2048 bits or greater:

 $ ssh-keygen -t rsa -b 2048
 Generating public/private rsa key pair

  • Next you will be prompted for a passphrase, which is used to encrypt the private key. After you enter the passphrase you will be asked to verify it.

 Enter file in which to save the key (/home/sshuser/.ssh/id_rsa):
 Enter passphrase (empty for no passphrase): **********************
 Enter same passphrase again: **********************

  • If the two passphrases do not match, you will be given an error message and asked to enter the passphrase again, as shown below.

 Passphrases do not match. Try again.
 Enter passphrase (empty for no passphrase): **********************
 Enter same passphrase again: **********************

  • Once the passphrases match, ssh-keygen will display a message indicating where the public and private keys will be saved.

 Your identification has been saved in /home/sshuser/.ssh/id_rsa.
 Your public key has been saved in /home/sshuser/.ssh/id_rsa.pub.
 The key fingerprint is:
 9a:7a:87:33:14:d2:12:72:7c:3f:ea:54:a4:2e:b6:ba sshuser@server.example.com

Configure SSH client settings

  • Edit your ssh client configuration so that ssh requests to git.codeaurora.org are sent over port 9222 (if your site filters port 22). This is accomplished by creating or modifying /home/sshuser/.ssh/config with the following values.

  Host *.codeaurora.org
      # Path to the private key you generated, such as /home/sshuser/.ssh/id_rsa
      IdentityFile ~/.ssh/id_rsa
      User git
      # Optional: can be used if a firewall is blocking port 22
      Port 9222

  • Check that the file permissions are set properly on /home/sshuser/.ssh/config.  You can set the correct permissions by running the following command:

  chmod 644 ~/.ssh/config

Submitting your SSH key to CAF

You must generate your SSH public/private key pair and upload the public key to your Developer account. SSH keys are tied to your identity (your email used on CAF) so you will need to ensure you have created or submitted SSH keys that match your identity in order to validate your access permissions. CAF only supports 1 set of SSH keys per user.

  Keys less than 2048 bits in length will not be accepted for security reasons.

  1. Log in to your Developer account on the CodeAurora website.
  2. Click on My account in the upper right corner.
  3. Click on the tab entitled "SSH keys".
  4. Click "Add a public key", enter a key title, paste the key in the appropriate field and click "Save".
  5. Copy the ssh key fingerprint.
  6. Send an e-mail to itpeople@codeaurora.org with the Subject: SSH Key for user: username@yourdomain.com. In the e-mail please detail:
    1. Your CAF account name.
    2. Which project/repositories you need access to.
    3. The ssh key fingerprint from step 4. This command will output the fingerprint:
         ssh-keygen -lf <path to public key>
    4. Be sure to Cc: the project admins of the project/repos you need access to so they can approve.

  Once we verify with the project administrators that you should have access, we will grant it.
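
A key can be checked against the 2048-bit minimum above before it is uploaded. The script below is an added example, not part of the original page or of CAF's tooling; the function names check_key_line and check_pubkey are assumptions, and it parses the one-line output of ssh-keygen -lf.

```shell
#!/bin/sh
# Pre-submission check based on `ssh-keygen -lf <public key>` output.
# Line format: "<bits> <fingerprint> <comment ...> (<TYPE>)"

MIN_BITS=2048   # minimum key length stated on this page

# Constructed sample line, built from the sample fingerprint shown on this page.
SAMPLE_LINE='2048 9a:7a:87:33:14:d2:12:72:7c:3f:ea:54:a4:2e:b6:ba sshuser@server.example.com (RSA)'

# check_key_line LINE
#   Prints the fingerprint and returns 0 if the key is long enough,
#   returns 1 if it is too short, 2 if the line cannot be parsed.
check_key_line() {
    line=$1
    bits=${line%% *}        # field 1: key length in bits
    rest=${line#* }
    fp=${rest%% *}          # field 2: fingerprint
    ktype=${line##*\(}      # trailing "(TYPE)"
    ktype=${ktype%\)}
    case $bits in
        ''|*[!0-9]*) echo "cannot parse: $line" >&2; return 2 ;;
    esac
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "rejected: $bits-bit $ktype key is below $MIN_BITS bits" >&2
        return 1
    fi
    printf '%s\n' "$fp"
}

# check_pubkey FILE: run ssh-keygen on a public key file and check the result.
check_pubkey() {
    line=$(ssh-keygen -lf "$1") || return 2
    check_key_line "$line"
}

# With a file argument, check that key; without one, run on the sample line.
if [ "$#" -gt 0 ]; then
    check_pubkey "$1"
else
    check_key_line "$SAMPLE_LINE"
fi
```

Newer OpenSSH releases print a SHA256 fingerprint by default; ssh-keygen -E md5 -lf <path to public key> prints the colon-separated hex form shown earlier, prefixed with MD5:.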

Created by Greg Stinocher on 2013/01/15 14:50
   
This wiki is licensed under a Creative Commons 2.0 license