I've just set up a git + Gitolite server on Debian, generated a key pair on my workstation (Windows) with puttygen and registered the first pub key on the server using:
    gitolite setup -pk firstuser.pub
Then I use TortoiseGit to clone the gitolite-admin repo, using the url git@git.myserv.com:gitolite-admin, and tell Tortoise to use firstuser.ppk as private key. It works fine until this point.
Then I want to test adding a user and creating a new repo on my workstation.
I add in the conf file a section:
    repo testcreation
        RW+ = seconduser
I generate on my workstation a second ssh key pair for seconduser. Just put the seconduser.pub in keydir/, commit and push the new config.
Config seems to be alright, my new user pub key is added to ~/.ssh/authorized_keys of the git user on server side.
I set up a new repo on my workstation with Tortoise, add a new remote:
    name : origin
    url : git@git.myserv.com:testcreation
    Putty Key : seconduser.ppk
And then push to create repo.
TortoiseGit Log:
    git.exe push --all --progress "origin"
    FATAL: W any testcreation firstuser DENIED by fallthru
    (or you mis-spelled the reponame)
    fatal: Could not read from remote repository.
    Please make sure you have the correct access rights
    and the repository exists.
    git did not exit cleanly (exit code 128) (1591 ms @ 12/02/2014 12:20:17)
Why does Gitolite identify me as firstuser when I send the seconduser private key? Does it have something to do with the fact I use two different keys on the same workstation?
Well, I found out how to resolve my problem.
Note that my workstation is under Windows
The fact is, TortoiseGit is not using OpenSSH as SSH client but Putty. It really is bothering in my case because TortoiseGit with Plink (putty) cannot handle 2 private keys to authenticate 2 different Gitolite users from the same workstation to a single user@host (in my case firstuser and seconduser) using putty as ssh client.
Note that in real life, you probably won't need to use 2 different ssh authentications on the same workstation, I only needed that to do 'tests'.
The issue is putty is, as far as I see, registering 1 key per user@host (git@git.myserv.com), I needed two keys... I figured that out after using git bash (and OpenSSH) using the ssh config file in %HOMEDRIVE%%HOMEPATH%\.ssh\config
Here is my config:
    Host gitfirstuser
        HostName git.myserv.com
        User git
        IdentityFile ~/.ssh/firstuser@git.myserv.com
    Host gitseconduser
        HostName git.myserv.com
        User git
        IdentityFile ~/.ssh/seconduser@git.myserv.com
where firstuser@git.myserv.com and seconduser@git.myserv.com are private key files in OpenSSH key format.
After that, I could clone testcreation.git without any trouble using git bash:
    git clone gitseconduser:testcreation
and so push, pull, etc...
But when you have some GUI fanboy, git bash is just a nightmare, so here is the solution in TortoiseGit to make it use a REAL ssh client :
Open TortoiseGit Settings > Network section > SSH Client input > Browse...
Look for ssh.exe in the msysgit installation directory, in my case:
    C:\Program Files\Git\bin\ssh.exe
Once you changed the ssh client to ssh.exe you can fully take advantage of your ssh config file.
For example, in your %HOMEDRIVE%%HOMEPATH%\.ssh\config:
    Host ssh_host_1
        HostName git.myserv.com
        User git
        IdentityFile ~/.ssh/ssh_host_1_keyfile
In TortoiseGit, when adding a remote or cloning, use the following url:
    ssh_host_1:repository_name
No need to look for a private key file, OpenSSH will do the identification according to the ssh_host_1 section.
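An added example, not part of the original answer: Gitolite names the user by whichever public key the server accepts, and OpenSSH may offer a key held by a running agent before an alias's IdentityFile unless that alias also sets `IdentitiesOnly yes`. The script below lists the key each Host alias uses and flags aliases that share one user@host without that option; the function names and the sample config (the two aliases above, with `IdentitiesOnly yes` added to one) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenSSH client config with several aliases for one user@host.

# audit_ssh_config FILE -> one line per Host alias: "alias user@hostname keyfile status"
# status is "pinned" when the alias sets "IdentitiesOnly yes", otherwise "unpinned".
audit_ssh_config() {
    awk '
        function emit() {
            if (alias == "") return
            printf "%s %s@%s %s %s\n", alias, user, host,
                   (key == "" ? "-" : key), (only == "yes" ? "pinned" : "unpinned")
        }
        { kw = tolower($1) }
        kw == "host"           { emit(); alias = $2; user = host = key = only = ""; next }
        kw == "hostname"       { host = $2 }
        kw == "user"           { user = $2 }
        kw == "identityfile"   { key = $2 }
        kw == "identitiesonly" { only = tolower($2) }
        END { emit() }
    ' "$1"
}

# ambiguous_aliases FILE -> aliases that share a user@host with another alias but are
# unpinned, so a different key (e.g. one loaded in an agent) can be offered first.
ambiguous_aliases() {
    audit_ssh_config "$1" | awk '
        { count[$2]++; name[NR] = $1; target[NR] = $2; status[NR] = $4 }
        END { for (i = 1; i <= NR; i++)
                  if (count[target[i]] > 1 && status[i] == "unpinned") print name[i] }
    '
}

# Constructed sample config (not the author's file): gitseconduser is pinned.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Host gitfirstuser
    HostName git.myserv.com
    User git
    IdentityFile ~/.ssh/firstuser@git.myserv.com
Host gitseconduser
    HostName git.myserv.com
    User git
    IdentityFile ~/.ssh/seconduser@git.myserv.com
    IdentitiesOnly yes
EOF

audit_ssh_config "$sample"
echo "unpinned aliases sharing a target: $(ambiguous_aliases "$sample")"
```

Run it against your own config by passing its path to `audit_ssh_config`; an empty result from `ambiguous_aliases` means every shared-target alias is restricted to its own key.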