Search code examples
gitgithubsshgitlabgitosis

How does Github, Gitlab, Gitosis, etc.. knows which user is logged in?

I asked myself, how do those git-hosting tools/sites know which user is logged in.

I mean, you login via SSH [email protected]/... and this means you login as user git

and the only information that securely identifies you as your real user is your public key. But how does they figure out your login-public key?

One Way to do so is to look into a logfile shown in this question:

Can I find out which ssh key was used to access an account? https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account

but this means you have to set up the loglevel to VERBOSE, but I have an Gitlab installation and the loglevel is at INFO and no overriding to the sshd_config anywhere..

so in short again: If you login at Github or gitlab via SSH it tells you:

ssh [email protected] PTY allocation request failed on channel 0

Hi USERNAME! You've successfully authenticated, but GitHub does not provide shell access.

Connection to github.com closed.

but how does github knows I am USERNAME when I login as git?

EDIT:

I know there is a mapping between my key and my account, but gitolite (or (for example ) the gitolite-shell must somehow know my public key, how is this key delivered to toe gitolite shell?

It somehow has to find out the ssh-public-key that is used in this session, this is the key to my question, how does it knows which ssh-key is used to login

Solution

  • Regarding gitolite (which replaces the outdated gitosis), it knows who you are because you registered your id along with your public ssh ket in the gitolite server ~git/.ssh/authorized_keys file.

    See "How do programs like gitolite work?".

    That file contains lines like:

    command="[path]/gitolite-shell sitaram",[more options] ssh-rsa AAAAB3Nt...

    Which means an ssh session will call gitolite-shell with a parameter representing your id.

    This has nothing to do with the config user.name you are using for your commits.
    It has everything to do with the authentication mechanism (https or ssh) you are using, which is then passed along an authorization layer like gitolite.

    GitHub has its own authorization layer (different from gitolite), but the idea is the same (the login is associated to the ssh public key).